Windows Analysis Report
7uJ95NO82G.exe

Overview

General Information

Sample name: 7uJ95NO82G.exe (renamed because original name is a hash value)
Original sample name: a9c526f3a276012d554ac382a90bca3d.exe
Analysis ID: 1580278
MD5: a9c526f3a276012d554ac382a90bca3d
SHA1: 34cab3f18d9a7efa115e154609fded0c2b96f9c8
SHA256: 7230b549346dbab880d1d713d8c9dfc1005065c0f0cebb16ad4f1a15f05d088a
Tags: exe, user-abuse_ch

Detection

LodaRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LodaRAT
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query the security center for anti-virus and firewall products
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • 7uJ95NO82G.exe (PID: 7740 cmdline: "C:\Users\user\Desktop\7uJ95NO82G.exe" MD5: A9C526F3A276012D554AC382A90BCA3D)
  • cleanup
Name: Loda, LodaRAT
Description: Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: 7uJ95NO82G.exe PID: 7740 | JoeSecurity_LodaRAT | Yara detected LodaRAT | Joe Security |
Process Memory Space: 7uJ95NO82G.exe PID: 7740 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T08:38:12.040398+0100 | 2822116 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49751 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:39:18.583513+0100 | 2822116 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49904 | 172.232.216.250 | 4000 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T08:37:39.318830+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49954 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:37:39.318830+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49751 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:37:39.318830+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49904 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:37:39.318830+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49854 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:37:39.318830+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49801 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:38:12.040398+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49751 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:38:34.111620+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49801 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:38:56.476836+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49854 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:39:18.583513+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49904 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:39:40.658824+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49954 | 172.232.216.250 | 4000 | TCP

AV Detection

Source: 7uJ95NO82G.exe | Avira: detected
Source: C:\Users\user\AppData\Roaming\Windata\svhost.exe | Avira: detection malicious, Label: HEUR/AGEN.1321335
Source: C:\Users\user\AppData\Roaming\Windata\svhost.exe | ReversingLabs: Detection: 73%
Source: C:\Users\user\AppData\Roaming\Windata\svhost.exe | Virustotal: Detection: 66%
Source: 7uJ95NO82G.exe | Virustotal: Detection: 66%
Source: 7uJ95NO82G.exe | ReversingLabs: Detection: 73%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 94.2% probability
Source: C:\Users\user\AppData\Roaming\Windata\svhost.exe | Joe Sandbox ML: detected
Source: 7uJ95NO82G.exe | Joe Sandbox ML: detected
Source: 7uJ95NO82G.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,0_2_004339B6
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452492
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442886
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_004788BD
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,0_2_0045CAFA
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00431A86
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD27
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0045DE8F FindFirstFileW,FindClose,0_2_0045DE8F
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8B

Networking

Source: Network traffic | Suricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.7:49751 -> 172.232.216.250:4000
Source: Network traffic | Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:49751 -> 172.232.216.250:4000
Source: Network traffic | Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:49801 -> 172.232.216.250:4000
Source: Network traffic | Suricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.7:49904 -> 172.232.216.250:4000
Source: Network traffic | Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:49904 -> 172.232.216.250:4000
Source: Network traffic | Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:49854 -> 172.232.216.250:4000
Source: Network traffic | Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:49954 -> 172.232.216.250:4000
Source: Joe Sandbox View | ASN Name: AKAMAI-ASN1EU AKAMAI-ASN1EU
Source: unknown | TCP traffic detected without corresponding DNS query: 172.232.216.250 (this entry is repeated 23 times in the report)
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile,0_2_004422FE
Source: 7uJ95NO82G.exe, 00000000.00000002.2543674143.0000000003D07000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://checkip.amazonaws.com/
Source: 7uJ95NO82G.exe, 00000000.00000002.2543249546.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ip-score.com/checkip/z
Source: 7uJ95NO82G.exe, 00000000.00000002.2543739108.0000000003D24000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0045A10F
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046DC80
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,0_2_0044C37A
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C81C
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00431BE8: GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00431BE8
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00446313
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004096A0
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0042200C
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0041A217
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00412216
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0042435D
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004033C0
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044F430
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004125E8
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044663B
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00413801
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0042096F
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004129D0
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004119E3
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0041C9AE
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0047EA6F
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0040FA10
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044EB5F
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00423C81
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00411E78
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00442E0C
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00420EC0
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044CF17
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00444FD2
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: String function: 004115D7 appears 36 times
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: String function: 00416C70 appears 39 times
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: String function: 00445AE0 appears 65 times
Source: 7uJ95NO82G.exe, 00000000.00000002.2543953630.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameWINVER.EXE.MUIj% vs 7uJ95NO82G.exe
Source: 7uJ95NO82G.exe, 00000000.00000002.2543926794.0000000003E71000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameWINVER.EXE.MUIj% vs 7uJ95NO82G.exe
Source: 7uJ95NO82G.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal100.troj.evad.winEXE@1/1@0/1
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044AF6C GetLastError,FormatMessageW,0_2_0044AF6C
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,0_2_00464EAE
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_0045D619
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00433EE0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle,0_2_00433EE0
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize,0_2_0047839D
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0043305F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,0_2_0043305F
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | File created: C:\Users\user\AppData\Roaming\Windata
Source: 7uJ95NO82G.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM cookies;
Source: 7uJ95NO82G.exe, 00000000.00000002.2543249546.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM moz_cookies;
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM logins;
Source: 7uJ95NO82G.exe | Virustotal: Detection: 66%
Source: 7uJ95NO82G.exe | ReversingLabs: Detection: 73%
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | File read: C:\Users\user\Desktop\7uJ95NO82G.exe
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: sxs.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: 7uJ95NO82G.exe | Static file information: File size 1136091 > 1048576
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,0_2_0040EBD0
Source: 7uJ95NO82G.exe | Static PE information: real checksum: 0xa961f should be: 0x120549
Source: svhost.exe.0.dr | Static PE information: real checksum: 0xa961f should be: 0x120549
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00416CB5 push ecx; ret 0_2_00416CC8
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | File created: C:\Users\user\AppData\Roaming\Windata\svhost.exe
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_0047A330
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00434418
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Window / User API: threadDelayed 7301
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Window / User API: foregroundWindowGot 1759
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | API coverage: 5.2 %
Source: C:\Users\user\Desktop\7uJ95NO82G.exe TID: 7744 | Thread sleep time: -73010s >= -30000s
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Thread sleep count: Count: 7301 delay: -10
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,0_2_004339B6
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452492
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442886
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_004788BD
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,0_2_0045CAFA
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00431A86
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD27
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0045DE8F FindFirstFileW,FindClose,0_2_0045DE8F
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8B
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_0040E500
Source: 7uJ95NO82G.exe, 00000000.00000002.2543054037.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
Source: 7uJ95NO82G.exe, 00000000.00000002.2543054037.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | API call chain: ExitProcess graph end node graph_0-88271
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0045A370 BlockInput,0_2_0045A370
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D590
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,0_2_0040EBD0
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_004238DA
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0041F250 SetUnhandledExceptionFilter,0_2_0041F250
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041A208
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00417DAA
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00436CD7 LogonUserW,0_2_00436CD7
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D590
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: winmgmts:\\localhost\root\securitycenter2
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: hklm64\software\mozilla\mozilla firefox\j
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: c:\users\user\desktop\7uj95no82g.exeu
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: c:\users\user\appdata\roaming\windata3
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: c:\users\user~1\appdata\local\temp\sq8.dll>
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: c:\users\user~1\appdata\local\temp\bass.dll)
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: c:\users\user~1\appdata\local\temp\bacb.dll
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ibottom
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: iright
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: rightxx
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: trect
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: trecty
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: bottomj
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ibottomq
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: trectxy
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: bottom
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ileft
Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: hbitmapw
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: aresultmemstr_3e41e906-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fcursormemstr_0e1a64e6-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hsocketmemstr_cef674a7-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 64arraymemstr_e983a8ae-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: timevalmemstr_4b620969-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: reg_szmemstr_bf01062d-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fd_setmemstr_268c15a0-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: longsmemstr_f279ffc8-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vallongimemstr_2c0bb47e-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fdcount4memstr_36cdffa6-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: result,memstr_5cba2c2e-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fdarramemstr_061725b2-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dll32wsmemstr_24bde3ae-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: inttcpmemstr_89944417-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: selectstmemstr_75f27f93-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hsocketymemstr_97c3d9bf-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ptrssememstr_2b7d550d-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ptrssjmemstr_7e1bb375-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fd_setlmemstr_f010d5d1-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: resultmemstr_c7d84ae2-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tagrectmemstr_fcb44b51-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: result2pmemstr_b335b8ea-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dll32wsamemstr_8bb7e231-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hsocketjmemstr_4b121be7-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: erroromemstr_d77b654d-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint6memstr_9d0d98f1-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: result2memstr_9758b2de-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: inttcpgmemstr_b093a66b-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: isoketmemstr_30768ebe-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dll32wshmemstr_6bbe4196-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: struct*9memstr_c51d6e08-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hsocket/memstr_9eb650e3-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: logxsdmemstr_27896ea6-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vallongmemstr_4f719575-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint2memstr_6d32ef3b-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trectgmemstr_aa5047a4-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lengthmemstr_3a8c7945-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vallongememstr_377439ae-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eltoul?memstr_8ae0352e-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: length+memstr_d09d6bc7-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: himagememstr_589d8edf-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sclsidmemstr_6c9bbcf9-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sclsid|memstr_9ef02bf6-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: keyddqmemstr_26d8746b-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ibottombmemstr_0f14cb81-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fcursorumemstr_68361d47-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iright_memstr_04b95028-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ilefthmemstr_db676f10-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: itop7memstr_ac0ccf4a-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pathismemstr_79c02648-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hwndwmemstr_949d6782-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: longbmemstr_f597a7dc-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dwordmemstr_fdeed309-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hisaa8tmemstr_0479e477-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: monshumemstr_cca33a3c-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: struct*memstr_89abbc98-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: key8cc=memstr_2e6245cf-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trect)memstr_667efed7-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bretxumemstr_b7668928-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: key8ccmemstr_04ec2b5a-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rightmemstr_fcb492e8-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: piqdncmemstr_54364ffc-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dastrmemstr_110c6a5b-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bottom{memstr_814fd604-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trect}memstr_bd432f13-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: erroramemstr_43a30f19-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fzdirmemstr_e08cbcdf-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: leftcmemstr_8bd2f288-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trectjmemstr_29649edd-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: win32xmemstr_b967ee31-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fzdir2memstr_5da3db41-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ileft5memstr_e48b7eef-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: key2xmemstr_4c916ac9-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trectpmemstr_1c9a0f57-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rightrmemstr_f3da5a65-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ibottomwmemstr_d3d7b792-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bottomcmemstr_c1e9cedb-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trecthvmemstr_a945a3ae-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: leftvmemstr_270c564a-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ibottom>memstr_a5f58f58-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ileftmemstr_403340ff-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: itop(vmemstr_aeb28b4c-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rightememstr_659ae118-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bottomomemstr_1b58f8ac-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fzdir2qmemstr_8c202b43-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trect(xmemstr_3231c371-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: itop0memstr_c398d6fb-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iright5memstr_00361e59-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trect!memstr_26487f5a-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: __sqlite_inline_versionmemstr_a7d023cc-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: __sqlite_verscmpmemstr_c1d569f1-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: select * from logins;memstr_01cbc5e5-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cryptunprotectdatamemstr_7411fa45-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uncryptrdppasswordmemstr_0d08b261-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _sqlite_shutdownmemstr_ab0a4f07-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _sqlite_gettable2dmemstr_a6930c69-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: objantivirusproductbmemstr_e8fd978e-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: g_butf8errormsg_sqlite#memstr_d998a0f5-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: g_sprintcallback_sqlite-memstr_672f6252-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: select * from cookies;memstr_23948596-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: g_sprintcallback_sqlitememstr_acdceff3-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: __sqlite_verscmpersionmemstr_fa6fdd04-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _replacestringinfilememstr_ad95781c-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _screencapture_capturememstr_08b55ebb-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: getasynckeystatememstr_18f4466a-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _winapi_getwindowrectmemstr_05a51082-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tcpevent_disconnectmemstr_8c61e4ca-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: proxyclient_startmemstr_28f3af47-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _arrayconcatenatememstr_3cc3109e-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _filelisttoarraypturememstr_387f7911-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: proxyclient_startmemstr_f4c05173-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _screencapture_capturegmemstr_d9cacad9-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tcpevent_disconnecthmemstr_b72ad2c5-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dwmgetwindowattributeqmemstr_c339fdd1-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tcpevent_disconnectcmemstr_ccb81f47-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ptr;ptr;short;short;ptr6memstr_b9f9df21-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tcpevent_disconnect?memstr_25095bdf-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell.applicationmemstr_e4becf12-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: objantivirusproductmemstr_1c45755f-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _ispressedtsmemstr_bd7b06ca-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: user32.dllmemstr_8aea64a0-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: user32.dlleatememstr_dee46929-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: getwindowrectmemstr_32ce5e21-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: extendedosememstr_f894e527-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: monitorgrabberememstr_8599029c-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: usernamexpvmemstr_9670c970-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverribymemstr_2b6c8457-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever\memstr_23293554-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrevergmemstr_6ab2adb7-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /(click smmemstr_3d0d42a6-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: extended!memstr_b19a14de-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _ispressed/memstr_5f3b43b5-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /(click smemstr_bb8ae79e-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: monitorxtitgmemstr_1dbf2e4f-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: usernametringmemstr_03f0f9f3-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: monitorxtittmemstr_2889e85b-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrevermemstr_79862bb2-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverrmemstr_4e9b23b8-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverumemstr_a9a0dd90-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverxmemstr_84757269-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrevercmemstr_ba686096-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverfmemstr_aa58f610-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverimemstr_e4990834-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverlmemstr_01583baa-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: proxy_dllwmemstr_47375f5b-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverzmemstr_cd717c3e-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever]memstr_553afcf4-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever@memstr_7e678212-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugreverkmemstr_87b85cc1-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrevernmemstr_5d61ca26-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever1memstr_a7dd388b-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever4memstr_6c17c5d5-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever?memstr_19467235-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever"memstr_8551d214-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever%memstr_d85ad10c-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plugrever(memstr_1743a4c6-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: client_ipmemstr_93582f4d-3
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avarraysourcememstr_44163231-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avarraytargetmemstr_08fcc5d0-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell32.dllmemstr_8414b789-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iuboundsourcememstr_fb4d955a-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iuboundtargetmemstr_8f76a29e-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iuboundsource0memstr_f5a5b1b1-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avarraysourcevmemstr_00a82257-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hdll_ws2_32ymemstr_5da29ab3-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shexkey_memstr_b47ce0d2-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: error*memstr_c9818dc0-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shortmemstr_217104f4-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shexkeymemstr_d4f630aa-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hisaagmemstr_613273d2-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: icall8memstr_a88f8536-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543620760.0000000003CBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plurevbmemstr_95232468-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bbjnnnnmemstr_a4305dc7-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ipsc2memstr_f3ed8a60-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vvahkmemstr_09f252f5-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _getavmemstr_e03aa9df-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: monoprismemstr_c87b9f00-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: winstaxpmemstr_293dfde9-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: logpathzmemstr_dbee88bc-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: win_8xmemstr_889c752a-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fo_readmemstr_7e07c39c-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: swhidememstr_27d072e4-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tagguidmemstr_4aac3007-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tagrectmemstr_bb4a7bf9-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tempdirtmemstr_320c7f02-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vatytylmemstr_7e704e98-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fzhhet]memstr_58ab2a62-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fazeyfebmemstr_0cbc059f-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ffazezsdmemstr_9553054b-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fvffs0memstr_5f752ff5-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hgazdd:memstr_94e1f2e7-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: yyzadc+memstr_ec491ab9-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pi20pmemstr_eddc97b9-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: schromememstr_2315f973-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: soperamemstr_0706b1ce-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tgztretmemstr_f8eaba6e-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: yyzerfmemstr_6c8efeb4-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: longsmemstr_83617cff-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 64arraymemstr_afcb9e7b-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: baenchmemstr_ffb7963f-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fdarrawmemstr_4c0d010d-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: logxsdymemstr_d3d0d5c9-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fdcountcmemstr_7473e9d2-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dll32wsomemstr_7a62d294-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: selects=memstr_9cf57576-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ptrss.memstr_9a392055-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint2memstr_3aba9f8d-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: isoketmemstr_0358690f-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: inttcpmemstr_955ee0dd-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eltoulmemstr_d2bd541a-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bssettymemstr_f1a1dffa-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: basst{memstr_e7b53c72-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hophx_memstr_1d9b1e95-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uaxw(memstr_2c28ae85-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cameximemstr_67921bcb-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sousnememstr_76afe3bd-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vvytrememstr_0cac9d03-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lodr(memstr_eac41b87-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: webs8memstr_e45da788-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: certyumemstr_3c566cfa-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 8dsd8smemstr_d7e039e4-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bejdshdmemstr_84fad85c-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: p12ccv1wmemstr_ba4e658b-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: srtttty[memstr_8c268462-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msssxdmemstr_abb2e297-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: strs5memstr_07c79518-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fasil?memstr_540c32d1-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lpardmemstr_5e8de92f-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: scodepmemstr_056c3622-2
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wpdsdmemstr_4340674e-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: jpxd0memstr_74357fb1-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lfertmemstr_a5dd9fd0-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nejmamemstr_6ec6b32d-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pathismemstr_3fdded09-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fftzzzmemstr_72244e7c-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: phtisaxmemstr_9cae5556-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cert8memstr_6ee34787-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dirfoxsmemstr_29fc09e4-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pacthwaumemstr_dd78f26e-d
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: svw2zmemstr_00520b7c-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: souxcmemstr_df9acbbd-6
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dlcliehmemstr_74f992e5-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: screen;memstr_8f9f5ffe-0
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: escupxmemstr_60c3037d-9
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ccwa1memstr_6c26a99f-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: thisavmemstr_050b1f3f-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: recivtmemstr_3795a57c-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ngdfgrtmemstr_cf1397fe-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bbdfdfpmemstr_ff495292-a
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dexczmemstr_8fdf99be-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vicnamememstr_e1ec63ae-8
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: win32xmemstr_d1d40317-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1666ssmemstr_520184b3-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1666hmemstr_4d7b8b2e-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: qlits8memstr_b290f1e4-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: thisav2umemstr_158d56d2-7
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: camx_memstr_f4771595-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: resxoxmemstr_89740420-f
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: archx9memstr_8b3128f5-4
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ddaa(memstr_b8b12cfc-b
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ddfdztymemstr_20831861-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mouxcmemstr_fce925a4-e
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: actqusmemstr_66006de0-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: useccmemstr_c3a1aebb-1
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tooor83memstr_fa286c83-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: porsdmemstr_b8610672-c
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uuxxxmemstr_1f02e8a6-5
      Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x2x2x2memstr_e1727302-e
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00434418
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event,0_2_0043333C
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_00446124
Source: 7uJ95NO82G.exe | Binary or memory string: Shell_TrayWnd
Source: 7uJ95NO82G.exe, 00000000.00000002.2543249546.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [Class:Shell_TrayWnd]
Source: 7uJ95NO82G.exe, svhost.exe.0.dr | Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004720DB GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,0_2_004720DB
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00472C3F GetUserNameW,0_2_00472C3F
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_0041E364
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_0040E500
Source: 7uJ95NO82G.exe, 00000000.00000002.2543054037.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, 7uJ95NO82G.exe, 00000000.00000002.2543054037.0000000000B0A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

      Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: 7uJ95NO82G.exe PID: 7740, type: MEMORYSTR
Source: 7uJ95NO82G.exe, 00000000.00000002.2543249546.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: WIN_XP
Source: svhost.exe.0.dr | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
Source: 7uJ95NO82G.exe, 00000000.00000002.2543249546.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: WIN_XPe
Source: 7uJ95NO82G.exe | Binary or memory string: WIN_VISTA
Source: 7uJ95NO82G.exe | Binary or memory string: WIN_7
Source: 7uJ95NO82G.exe | Binary or memory string: WIN_8
Source: 7uJ95NO82G.exe, 00000000.00000002.2543249546.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: WIN_VISTA2
Source: 7uJ95NO82G.exe, 00000000.00000002.2543906248.0000000003E66000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: WIN_8x
Source: Yara match | File source: Process Memory Space: 7uJ95NO82G.exe PID: 7740, type: MEMORYSTR

      Remote Access Functionality

Source: Yara match | File source: Process Memory Space: 7uJ95NO82G.exe PID: 7740, type: MEMORYSTR
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0046CEF3
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_004652BE
Source: C:\Users\user\Desktop\7uJ95NO82G.exe | Code function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00476619
MITRE ATT&CK Matrix (listed per tactic; the bracketed number is the count of signatures matched for that technique, techniques without a number had no matching signature):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts [2]; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Windows Management Instrumentation [1]; Native API [1]; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading [1]; Valid Accounts [2]; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Exploitation for Privilege Escalation [1]; DLL Side-Loading [1]; Valid Accounts [2]; Access Token Manipulation [21]; Process Injection [1]; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools [1]; Deobfuscate/Decode Files or Information [1]; Obfuscated Files or Information [2]; DLL Side-Loading [1]; Masquerading [1]; Valid Accounts [2]; Virtualization/Sandbox Evasion [2]; Access Token Manipulation [21]; Process Injection [1]
Credential Access: Input Capture [21]; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery [2]; Account Discovery [1]; File and Directory Discovery [2]; System Information Discovery [5]; Security Software Discovery [151]; Virtualization/Sandbox Evasion [2]; Process Discovery [3]; Application Window Discovery [11]; System Owner/User Discovery [1]
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data [1]; Input Capture [21]; Clipboard Data [3]; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer [1]; Encrypted Channel [1]; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot [1]; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Antivirus detection for the submitted sample:

Source | Detection | Scanner | Label
7uJ95NO82G.exe | 67% | Virustotal |
7uJ95NO82G.exe | 74% | ReversingLabs | Win32.Trojan.AutoitInject
7uJ95NO82G.exe | 100% | Avira | HEUR/AGEN.1321335
7uJ95NO82G.exe | 100% | Joe Sandbox ML |

Antivirus detection for the dropped file:

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Windata\svhost.exe | 100% | Avira | HEUR/AGEN.1321335
C:\Users\user\AppData\Roaming\Windata\svhost.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Windata\svhost.exe | 74% | ReversingLabs | Win32.Trojan.AutoitInject
C:\Users\user\AppData\Roaming\Windata\svhost.exe | 67% | Virustotal |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3 | 7uJ95NO82G.exe, 00000000.00000002.2543739108.0000000003D24000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ip-score.com/checkip/z | 7uJ95NO82G.exe, 00000000.00000002.2543249546.0000000002FC0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://checkip.amazonaws.com/ | 7uJ95NO82G.exe, 00000000.00000002.2543674143.0000000003D07000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.232.216.250 | unknown | United States | 20940 | AKAMAI-ASN1EU | true
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1580278
            Start date and time:2024-12-24 08:36:46 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 4m 47s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:7
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:7uJ95NO82G.exe
            renamed because original name is a hash value
            Original Sample Name:a9c526f3a276012d554ac382a90bca3d.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@1/1@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 83
            • Number of non-executed functions: 284
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56, 172.202.163.200
            • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing disassembly code.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            No simulations
            No context
            No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASN1 EU | nabx86.elf | malicious | Unknown | 23.7.216.65
AKAMAI-ASN1 EU | Violated Heroine_91zbZ-1.exe | malicious | Unknown | 184.85.182.130
AKAMAI-ASN1 EU | [External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.eml | malicious | Unknown | 23.195.39.65
AKAMAI-ASN1 EU | ChoForgot.exe | malicious | Vidar | 23.219.82.25
AKAMAI-ASN1 EU | nTyPEbq9wQ.lnk | malicious | Unknown | 104.126.116.105
AKAMAI-ASN1 EU | jSFUzuYPG9.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1 EU | HK8IIasL9i.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1 EU | OGBLsboKIF.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1 EU | NfwBtCx5PR.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1 EU | pJRiqnTih0.exe | malicious | LummaC | 23.55.153.106
            No context
            No context
            Process:C:\Users\user\Desktop\7uJ95NO82G.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):1136091
            Entropy (8bit):7.393176843129186
            Encrypted:false
            SSDEEP:24576:0RmJkcoQricOIQxiZY1iaPHwLDjz1yoVzUPbLwzmmhZJY5:RJZoQrbTFZY1iaPHUMoVzUPgpzJY5
            MD5:A9C526F3A276012D554AC382A90BCA3D
            SHA1:34CAB3F18D9A7EFA115E154609FDED0C2B96F9C8
            SHA-256:7230B549346DBAB880D1D713D8C9DFC1005065C0F0CEBB16AD4F1A15F05D088A
            SHA-512:7C62FBDC6CB645B0A9056786ED3277A1016B47949F6193271A1474B573C4F7C3845E518BAB207C1D4E4D85AEE64BB4EC6CC5605534C3F6E52D24248007D4E5C1
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 74%
            • Antivirus: Virustotal, Detection: 67%, Browse
            Reputation:low
            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):7.393176843129186
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:7uJ95NO82G.exe
            File size:1'136'091 bytes
            MD5:a9c526f3a276012d554ac382a90bca3d
            SHA1:34cab3f18d9a7efa115e154609fded0c2b96f9c8
            SHA256:7230b549346dbab880d1d713d8c9dfc1005065c0f0cebb16ad4f1a15f05d088a
            SHA512:7c62fbdc6cb645b0a9056786ed3277a1016b47949f6193271a1474b573c4f7c3845e518bab207c1d4e4d85aee64bb4ec6cc5605534c3f6e52d24248007d4e5c1
            SSDEEP:24576:0RmJkcoQricOIQxiZY1iaPHwLDjz1yoVzUPbLwzmmhZJY5:RJZoQrbTFZY1iaPHUMoVzUPgpzJY5
            TLSH:5E35D121F9C68076C2B323B19E7EF76A9A3D69360337D2D727C81D215EA05416B39723
            Icon Hash:4553642d1ae5d893
            Entrypoint:0x4165c1
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            DLL Characteristics:TERMINAL_SERVER_AWARE
            Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:5
            OS Version Minor:0
            File Version Major:5
            File Version Minor:0
            Subsystem Version Major:5
            Subsystem Version Minor:0
            Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
            Instruction
            call 00007FA0D87E32DBh
            jmp 00007FA0D87DA14Eh
            int3
            int3
            int3
            int3
            int3
            push ebp
            mov ebp, esp
            push edi
            push esi
            mov esi, dword ptr [ebp+0Ch]
            mov ecx, dword ptr [ebp+10h]
            mov edi, dword ptr [ebp+08h]
            mov eax, ecx
            mov edx, ecx
            add eax, esi
            cmp edi, esi
            jbe 00007FA0D87DA2CAh
            cmp edi, eax
            jc 00007FA0D87DA466h
            cmp ecx, 00000080h
            jc 00007FA0D87DA2DEh
            cmp dword ptr [004A9724h], 00000000h
            je 00007FA0D87DA2D5h
            push edi
            push esi
            and edi, 0Fh
            and esi, 0Fh
            cmp edi, esi
            pop esi
            pop edi
            jne 00007FA0D87DA2C7h
            jmp 00007FA0D87DA6A2h
            test edi, 00000003h
            jne 00007FA0D87DA2D6h
            shr ecx, 02h
            and edx, 03h
            cmp ecx, 08h
            jc 00007FA0D87DA2EBh
            rep movsd
            jmp dword ptr [00416740h+edx*4]
            mov eax, edi
            mov edx, 00000003h
            sub ecx, 04h
            jc 00007FA0D87DA2CEh
            and eax, 03h
            add ecx, eax
            jmp dword ptr [00416654h+eax*4]
            jmp dword ptr [00416750h+ecx*4]
            nop
            jmp dword ptr [004166D4h+ecx*4]
            nop
            inc cx
            add byte ptr [eax-4BFFBE9Ah], dl
            inc cx
            add byte ptr [ebx], ah
            ror dword ptr [edx-75F877FAh], 1
            inc esi
            add dword ptr [eax+468A0147h], ecx
            add al, cl
            jmp 00007FA0DAC52AC7h
            add esi, 03h
            add edi, 03h
            cmp ecx, 08h
            jc 00007FA0D87DA28Eh
            rep movsd
            jmp dword ptr [00000000h+edx*4]
            Programming Language:
            • [ C ] VS2010 SP1 build 40219
            • [C++] VS2010 SP1 build 40219
            • [ C ] VS2008 SP1 build 30729
            • [IMP] VS2008 SP1 build 30729
            • [ASM] VS2010 SP1 build 40219
            • [RES] VS2010 SP1 build 40219
            • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0xd1f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0xd1f8 | 0xd200 | d3729b4f5abe2ab5d5f637ad0d7b3bc1 | False | 0.7096354166666666 | data | 6.468689708068412 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab448 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab570 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab698 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab7c0 | 0xa2a8 | Device independent bitmap graphic, 100 x 200 x 32, image size 41600 | English | Great Britain | 0.8253121998078771
RT_MENU | 0xb5a68 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb5ab8 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb5bb8 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb60e8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb6778 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb6c48 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb7248 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb78a8 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb7c30 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb7d88 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb7da0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb7db8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb7dd0 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb7de8 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb7f88 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken
English | Great Britain
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-24T08:37:39.318830+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49954 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:37:39.318830+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49751 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:37:39.318830+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49904 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:37:39.318830+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49854 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:37:39.318830+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49801 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:38:12.040398+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.7 | 49751 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:38:12.040398+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49751 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:38:34.111620+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49801 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:38:56.476836+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49854 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:39:18.583513+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.7 | 49904 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:39:18.583513+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49904 | 172.232.216.250 | 4000 | TCP
2024-12-24T08:39:40.658824+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49954 | 172.232.216.250 | 4000 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 24, 2024 08:38:11.919949055 CET | 49751 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:12.039597988 CET | 4000 | 49751 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:12.039756060 CET | 49751 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:12.040397882 CET | 49751 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:12.159873962 CET | 4000 | 49751 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:33.957365990 CET | 4000 | 49751 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:33.957480907 CET | 49751 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:33.975724936 CET | 49751 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:33.991509914 CET | 49801 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:34.095160007 CET | 4000 | 49751 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:34.111145973 CET | 4000 | 49801 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:34.111246109 CET | 49801 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:34.111619949 CET | 49801 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:34.231013060 CET | 4000 | 49801 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:56.207984924 CET | 4000 | 49801 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:56.208049059 CET | 49801 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:56.280775070 CET | 49801 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:56.355649948 CET | 49854 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:56.400435925 CET | 4000 | 49801 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:56.475250006 CET | 4000 | 49854 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:38:56.475359917 CET | 49854 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:56.476835966 CET | 49854 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:38:56.596321106 CET | 4000 | 49854 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:39:18.412233114 CET | 4000 | 49854 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:39:18.412345886 CET | 49854 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:18.444655895 CET | 49854 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:18.460306883 CET | 49904 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:18.564189911 CET | 4000 | 49854 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:39:18.579869032 CET | 4000 | 49904 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:39:18.583234072 CET | 49904 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:18.583513021 CET | 49904 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:18.702999115 CET | 4000 | 49904 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:39:40.489999056 CET | 4000 | 49904 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:39:40.490221977 CET | 49904 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:40.523150921 CET | 49904 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:40.538680077 CET | 49954 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:40.643011093 CET | 4000 | 49904 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:39:40.658236027 CET | 4000 | 49954 | 172.232.216.250 | 192.168.2.7
Dec 24, 2024 08:39:40.658350945 CET | 49954 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:40.658823967 CET | 49954 | 4000 | 192.168.2.7 | 172.232.216.250
Dec 24, 2024 08:39:40.778337955 CET | 4000 | 49954 | 172.232.216.250 | 192.168.2.7


            Target ID:0
            Start time:02:37:44
            Start date:24/12/2024
            Path:C:\Users\user\Desktop\7uJ95NO82G.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\7uJ95NO82G.exe"
            Imagebase:0x400000
            File size:1'136'091 bytes
            MD5 hash:A9C526F3A276012D554AC382A90BCA3D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

              Execution Graph

              Execution Coverage:3.9%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:11.4%
              Total number of Nodes:2000
              Total number of Limit Nodes:60
85730->85737 85733->85723 85733->85724 85734->85727 85735->85733 85736->85726 85737->85721 85738->85721 85739->85717 85740->85721 85741->85721 85743 419f13 85742->85743 85744 419f0e 85742->85744 85751 417f77 46 API calls __getptd_noexit 85743->85751 85744->85743 85745 419f2b 85744->85745 85750 40e454 85745->85750 85753 417f77 46 API calls __getptd_noexit 85745->85753 85747 419f18 85752 417f25 10 API calls wcstoxl 85747->85752 85750->85682 85751->85747 85752->85750 85753->85747 85755 403367 85754->85755 85756 403358 85754->85756 85757 4115d7 52 API calls 85755->85757 85756->85700 85758 403370 85757->85758 85759 4115d7 52 API calls 85758->85759 85760 40339e 85759->85760 85760->85700 85761->85708 85762 4725e1 SHGetFolderPathW 85763 42b14b 85770 40bc10 85763->85770 85765 42b159 85781 4096a0 85765->85781 85767 42b177 85908 44b92d VariantClear 85767->85908 85769 42bc5b 85771 40bc24 85770->85771 85772 40bc17 85770->85772 85774 40bc2a 85771->85774 85775 40bc3c 85771->85775 85909 408e80 VariantClear 85772->85909 85910 408e80 VariantClear 85774->85910 85778 4115d7 52 API calls 85775->85778 85776 40bc1f 85776->85765 85780 40bc43 85778->85780 85779 40bc33 85779->85765 85780->85765 85782 4096c6 _wcslen 85781->85782 85783 4115d7 52 API calls 85782->85783 85847 40a70c moneypunct _memmove 85782->85847 85784 4096fa _memmove 85783->85784 85786 4115d7 52 API calls 85784->85786 85788 40971b 85786->85788 85787 4297aa 85790 4115d7 52 API calls 85787->85790 85789 409749 CharUpperBuffW 85788->85789 85792 40976a moneypunct 85788->85792 85788->85847 85789->85792 85830 4297d1 _memmove 85790->85830 85838 4097e5 moneypunct 85792->85838 86029 47dcbb 387 API calls 85792->86029 85794 408f40 VariantClear 85795 42ae92 85794->85795 86077 410c60 VariantClear moneypunct 85795->86077 85797 42aea4 85798 409aa2 85800 4115d7 52 API calls 85798->85800 85804 409afe 85798->85804 85798->85830 85799 40a689 85801 4115d7 52 API calls 85799->85801 85800->85804 85818 40a6af moneypunct _memmove 85801->85818 85802 
409b2a 85806 429dbe 85802->85806 85809 40b400 2 API calls 85802->85809 85854 409b4d moneypunct _memmove 85802->85854 85804->85802 85805 4115d7 52 API calls 85804->85805 85807 429d31 85805->85807 85811 429dd3 85806->85811 85813 40b400 2 API calls 85806->85813 85810 429d42 85807->85810 86057 44a801 52 API calls 85807->86057 85808 429a46 VariantClear 85808->85838 85809->85806 85823 40e0a0 52 API calls 85810->85823 85811->85854 86060 40e1c0 VariantClear moneypunct 85811->86060 85812 408f40 VariantClear 85812->85838 85813->85811 85815 40a045 85820 4115d7 52 API calls 85815->85820 85816 42a3f5 86063 47390f VariantClear 85816->86063 85828 4115d7 52 API calls 85818->85828 85829 40a04c 85820->85829 85821 4115d7 52 API calls 85821->85838 85824 429d57 85823->85824 86058 453443 52 API calls 85824->86058 85826 42a42f 86064 45e737 90 API calls 3 library calls 85826->86064 85828->85847 85833 40a0a7 85829->85833 85911 4091e0 85829->85911 86076 45e737 90 API calls 3 library calls 85830->86076 85831 4299d9 85836 408f40 VariantClear 85831->85836 85855 40a0af 85833->85855 86065 40c790 VariantClear moneypunct 85833->86065 85835 429abd 85835->85767 85839 4299e2 85836->85839 85837 429d88 86059 453443 52 API calls 85837->86059 85838->85798 85838->85799 85838->85808 85838->85812 85838->85818 85838->85821 85838->85830 85838->85831 85838->85835 85845 42a452 85838->85845 85987 40a780 85838->85987 86030 40c2c0 85838->86030 86048 40c4e0 387 API calls 85838->86048 86050 40ba10 85838->86050 86056 40e270 VariantClear moneypunct 85838->86056 86049 410c60 VariantClear moneypunct 85839->86049 85842 403e10 53 API calls 85842->85854 85845->85794 86028 4013a0 52 API calls 85847->86028 85848 402780 52 API calls 85848->85854 85849 4115d7 52 API calls 85849->85854 85851 44a801 52 API calls 85851->85854 85852 40a650 moneypunct 85852->85767 85853 408f40 VariantClear 85883 40a162 moneypunct _memmove 85853->85883 85854->85816 85854->85826 85854->85842 85854->85847 85854->85848 85854->85849 85854->85851 85858 
40a780 373 API calls 85854->85858 85860 401980 53 API calls 85854->85860 85867 41130a 51 API calls __cinit 85854->85867 85870 409fd2 85854->85870 85872 409c95 85854->85872 86061 45f508 52 API calls 85854->86061 86062 408e80 VariantClear 85854->86062 85856 40a11b 85855->85856 85857 42a4b4 VariantClear 85855->85857 85855->85883 85863 40a12d moneypunct 85856->85863 86066 40e270 VariantClear moneypunct 85856->86066 85857->85863 85858->85854 85860->85854 85862 4115d7 52 API calls 85862->85883 85863->85862 85863->85883 85866 42a74d VariantClear 85866->85883 85867->85854 85868 40a368 85869 42aad4 85868->85869 85877 40a397 85868->85877 86070 46fe90 VariantClear VariantClear moneypunct 85869->86070 85870->85815 85870->85816 85871 42a7e4 VariantClear 85871->85883 85872->85767 85873 42a886 VariantClear 85873->85883 85874 40a3ce 85889 40a3d9 moneypunct 85874->85889 85977 40b400 85874->85977 85876 40e270 VariantClear 85876->85883 85877->85874 85878 40b400 2 API calls 85877->85878 85900 40a42c moneypunct 85877->85900 85878->85874 85880 4115d7 52 API calls 85880->85883 85881 42abaf 85885 42abd4 VariantClear 85881->85885 85895 40a4ee moneypunct 85881->85895 85882 4115d7 52 API calls 85886 42a5a6 VariantInit VariantCopy 85882->85886 85883->85853 85883->85866 85883->85868 85883->85869 85883->85871 85883->85873 85883->85876 85883->85880 85883->85882 86067 470870 52 API calls 85883->86067 86068 408e80 VariantClear 85883->86068 86069 44ccf1 VariantClear moneypunct 85883->86069 85884 40a4dc 85884->85895 86072 40e270 VariantClear moneypunct 85884->86072 85885->85895 85886->85883 85891 42a5c6 VariantClear 85886->85891 85887 42ac4f 85896 42ac79 VariantClear 85887->85896 85902 40a546 moneypunct 85887->85902 85890 40a41a 85889->85890 85893 42ab44 VariantClear 85889->85893 85889->85900 85890->85900 86071 40e270 VariantClear moneypunct 85890->86071 85891->85883 85892 40a534 85892->85902 86073 40e270 VariantClear moneypunct 85892->86073 85893->85900 85895->85887 85895->85892 85896->85902 85897 
42ad28 85903 42ad4e VariantClear 85897->85903 85907 40a583 moneypunct 85897->85907 85899 40a571 85899->85907 86074 40e270 VariantClear moneypunct 85899->86074 85900->85881 85900->85884 85902->85897 85902->85899 85903->85907 85905 42ae0e VariantClear 85905->85907 85907->85852 85907->85905 86075 40e270 VariantClear moneypunct 85907->86075 85908->85769 85909->85776 85910->85779 85912 409202 85911->85912 85913 42d7ad 85911->85913 85970 409216 moneypunct 85912->85970 86222 410940 387 API calls 85912->86222 86225 45e737 90 API calls 3 library calls 85913->86225 85916 409386 85917 40939c 85916->85917 86223 40f190 10 API calls 85916->86223 85917->85833 85919 4095b2 85919->85917 85921 4095bf 85919->85921 85920 409253 PeekMessageW 85920->85970 86224 401a50 387 API calls 85921->86224 85923 40d410 VariantClear 85923->85970 85924 42d8cd Sleep 85924->85970 85925 4095c6 LockWindowUpdate DestroyWindow GetMessageW 85925->85917 85928 4095f9 85925->85928 85927 42e13b 86250 40d410 VariantClear 85927->86250 85931 42e158 TranslateMessage DispatchMessageW GetMessageW 85928->85931 85931->85931 85932 42e188 85931->85932 85932->85917 85934 409567 PeekMessageW 85934->85970 85936 44c29d 52 API calls 85976 42da45 85936->85976 85937 46f3c1 107 API calls 85937->85970 85938 40e0a0 52 API calls 85938->85970 85939 46fdbf 108 API calls 85939->85976 85940 42dcd2 WaitForSingleObject 85945 42dcf0 GetExitCodeProcess CloseHandle 85940->85945 85940->85970 85941 409551 TranslateMessage DispatchMessageW 85941->85934 85943 42dd3d Sleep 85943->85976 85944 47d33e 365 API calls 85944->85970 86231 40d410 VariantClear 85945->86231 85947 4094cf Sleep 85947->85970 85950 408f40 VariantClear 85950->85976 85952 42d94d timeGetTime 86227 465124 53 API calls 85952->86227 85954 40c620 timeGetTime 85954->85970 85957 465124 53 API calls 85957->85976 85958 42dd89 CloseHandle 85958->85976 85960 42de19 GetExitCodeProcess CloseHandle 85960->85976 85963 42de88 Sleep 85963->85970 85965 4096a0 365 API calls 85965->85970 85968 
42e0cc VariantClear 85968->85970 85969 408f40 VariantClear 85969->85970 85970->85916 85970->85920 85970->85923 85970->85924 85970->85927 85970->85934 85970->85937 85970->85938 85970->85940 85970->85941 85970->85943 85970->85944 85970->85947 85970->85952 85970->85954 85970->85965 85970->85968 85970->85969 85972 45e737 90 API calls 85970->85972 85970->85976 86078 4091b0 85970->86078 86136 40afa0 85970->86136 86162 408fc0 85970->86162 86197 408cc0 85970->86197 86211 40d150 85970->86211 86216 40d170 85970->86216 86226 465124 53 API calls 85970->86226 86249 40e270 VariantClear moneypunct 85970->86249 85971 401b10 52 API calls 85971->85976 85972->85970 85974 401980 53 API calls 85974->85976 85976->85936 85976->85939 85976->85950 85976->85957 85976->85958 85976->85960 85976->85963 85976->85970 85976->85971 85976->85974 86228 45178a 54 API calls 85976->86228 86229 47d33e 387 API calls 85976->86229 86230 453bc6 54 API calls 85976->86230 86232 40c620 timeGetTime 85976->86232 86233 40d410 VariantClear 85976->86233 86234 443d19 85976->86234 86242 4574b4 VariantClear 85976->86242 86243 403cd0 85976->86243 86247 4731e1 VariantClear 85976->86247 86248 4331a2 6 API calls 85976->86248 85978 40b40f 85977->85978 85986 40b45e moneypunct 85977->85986 85979 40b41f 85978->85979 85980 40b400 VariantClear 85978->85980 85981 40b400 VariantClear 85979->85981 85984 40b42a moneypunct 85979->85984 85980->85979 85981->85984 85982 40b44c 85982->85986 87414 40e270 VariantClear moneypunct 85982->87414 85983 42839c VariantClear 85983->85986 85984->85982 85984->85983 85984->85986 85986->85889 85988 40a7a6 85987->85988 85989 40ae8c 85987->85989 85991 4115d7 52 API calls 85988->85991 87415 41130a 51 API calls __cinit 85989->87415 86024 40a7c6 moneypunct _memmove 85991->86024 85992 40a86d 85994 40abd1 85992->85994 86008 40a878 moneypunct 85992->86008 85993 408e80 VariantClear 85993->86024 87420 45e737 90 API calls 3 library calls 85994->87420 85996 401b10 52 API calls 85996->86024 85997 42b791 
VariantClear 85997->86024 85998 40bc10 53 API calls 85998->86024 85999 408f40 VariantClear 85999->86008 86000 42ba2d VariantClear 86000->86024 86001 42b459 VariantClear 86001->86024 86002 40a884 moneypunct 86002->85838 86003 42b6f6 VariantClear 86003->86024 86004 408cc0 380 API calls 86004->86024 86006 40e270 VariantClear 86006->86024 86007 42bc5b 86007->85838 86008->85999 86008->86002 86009 4115d7 52 API calls 86009->86024 86010 42bbf5 87421 45e737 90 API calls 3 library calls 86010->87421 86011 42bb6a 87423 44b92d VariantClear 86011->87423 86012 4115d7 52 API calls 86015 42b5b3 VariantInit VariantCopy 86012->86015 86013 40b5f0 89 API calls 86013->86024 86018 42b5d7 VariantClear 86015->86018 86015->86024 86017 408f40 VariantClear 86017->86024 86018->86024 86021 42bc37 87422 45e737 90 API calls 3 library calls 86021->87422 86024->85992 86024->85993 86024->85994 86024->85996 86024->85997 86024->85998 86024->86000 86024->86001 86024->86003 86024->86004 86024->86006 86024->86009 86024->86010 86024->86011 86024->86012 86024->86013 86024->86017 86024->86021 86027 4530c9 VariantClear 86024->86027 87416 45308a 53 API calls 86024->87416 87417 470870 52 API calls 86024->87417 87418 457f66 87 API calls __write_nolock 86024->87418 87419 472f47 127 API calls 86024->87419 86025 42bc48 86025->86011 86026 408f40 VariantClear 86025->86026 86026->86011 86027->86024 86028->85787 86029->85792 86031 40c2c7 86030->86031 86032 40c30e 86030->86032 86035 40c2d3 86031->86035 86036 426c79 86031->86036 86033 40c315 86032->86033 86034 426c2b 86032->86034 86037 40c321 86033->86037 86038 426c5a 86033->86038 86040 426c4b 86034->86040 86041 426c2e 86034->86041 87424 403ea0 52 API calls __cinit 86035->87424 87429 4534e3 52 API calls 86036->87429 87425 403ea0 52 API calls __cinit 86037->87425 87428 4534e3 52 API calls 86038->87428 87427 4534e3 52 API calls 86040->87427 86047 40c2de 86041->86047 87426 4534e3 52 API calls 86041->87426 86047->85838 86048->85838 86049->85852 86051 40ba49 86050->86051 
86055 40ba1b moneypunct _memmove 86050->86055 86053 4115d7 52 API calls 86051->86053 86052 4115d7 52 API calls 86054 40ba22 86052->86054 86053->86055 86054->85838 86055->86052 86056->85838 86057->85810 86058->85837 86059->85802 86060->85854 86061->85854 86062->85854 86063->85826 86064->85845 86065->85833 86066->85863 86067->85883 86068->85883 86069->85883 86070->85874 86071->85900 86072->85895 86073->85902 86074->85907 86075->85907 86076->85845 86077->85797 86079 42c5fe 86078->86079 86093 4091c6 86078->86093 86080 40bc70 52 API calls 86079->86080 86079->86093 86081 42c64e InterlockedIncrement 86080->86081 86082 42c665 86081->86082 86086 42c697 86081->86086 86085 42c672 InterlockedDecrement Sleep InterlockedIncrement 86082->86085 86082->86086 86083 42c737 InterlockedDecrement 86084 42c74a 86083->86084 86087 408f40 VariantClear 86084->86087 86085->86082 86085->86086 86086->86083 86108 42c731 86086->86108 86251 408e80 VariantClear 86086->86251 86089 42c752 86087->86089 86265 410c60 VariantClear moneypunct 86089->86265 86090 42c6cf 86252 45340c 86090->86252 86093->85970 86094 42c6db 86095 402160 52 API calls 86094->86095 86096 42c6e5 86095->86096 86097 45340c 85 API calls 86096->86097 86098 42c6f1 86097->86098 86258 40d200 52 API calls 2 library calls 86098->86258 86100 42c6fb 86259 465124 53 API calls 86100->86259 86102 42c715 86103 42c76a 86102->86103 86104 42c719 86102->86104 86266 401b10 86103->86266 86260 46fe32 86104->86260 86107 42c77e 86109 401980 53 API calls 86107->86109 86108->86083 86115 42c796 86109->86115 86110 42c812 86111 46fe32 VariantClear 86110->86111 86112 42c82a InterlockedDecrement 86111->86112 86272 46ff07 54 API calls 86112->86272 86114 42c864 86273 45e737 90 API calls 3 library calls 86114->86273 86115->86110 86115->86114 86118 40ba10 52 API calls 86115->86118 86116 42c9ec 86275 47d33e 387 API calls 86116->86275 86118->86115 86120 42c9fe 86122 408f40 VariantClear 86132 42c849 86122->86132 86125 408f40 VariantClear 86128 42c891 86125->86128 
86126 402780 52 API calls 86126->86132 86274 410c60 VariantClear moneypunct 86128->86274 86129 401980 53 API calls 86129->86132 86132->86116 86132->86122 86132->86126 86132->86129 86134 40a780 381 API calls 86132->86134 86133 42c874 86133->86125 86135 42ca59 86133->86135 86134->86132 86135->86135 86137 40afc4 86136->86137 86138 40b156 86136->86138 86139 40afd5 86137->86139 86140 42d1e3 86137->86140 86279 45e737 90 API calls 3 library calls 86138->86279 86143 40a780 385 API calls 86139->86143 86161 40b11a moneypunct 86139->86161 86280 45e737 90 API calls 3 library calls 86140->86280 86146 40b00a 86143->86146 86144 42d1f8 86149 408f40 VariantClear 86144->86149 86145 40b143 86145->85970 86146->86144 86150 40b012 86146->86150 86148 42d4db 86148->86148 86149->86145 86151 40b04a 86150->86151 86152 42d231 VariantClear 86150->86152 86154 40b094 moneypunct 86150->86154 86159 40b05c moneypunct 86151->86159 86281 40e270 VariantClear moneypunct 86151->86281 86152->86159 86153 40b108 86153->86161 86282 40e270 VariantClear moneypunct 86153->86282 86154->86153 86157 42d425 moneypunct 86154->86157 86155 42d45a VariantClear 86155->86161 86157->86155 86157->86161 86159->86154 86160 4115d7 52 API calls 86159->86160 86160->86154 86161->86145 86283 45e737 90 API calls 3 library calls 86161->86283 86163 408fff 86162->86163 86175 40900d 86162->86175 86284 403ea0 52 API calls __cinit 86163->86284 86166 42c3f6 86287 45e737 90 API calls 3 library calls 86166->86287 86168 4090f2 moneypunct 86168->85970 86169 42c44a 86289 45e737 90 API calls 3 library calls 86169->86289 86170 40a780 387 API calls 86170->86175 86171 42c47b 86290 451b42 61 API calls 86171->86290 86175->86166 86175->86168 86175->86169 86175->86170 86175->86171 86176 42c4cb 86175->86176 86177 42c564 86175->86177 86181 42c548 86175->86181 86182 409112 86175->86182 86185 4090df 86175->86185 86187 42c528 86175->86187 86189 4090ea 86175->86189 86286 4534e3 52 API calls 86175->86286 86288 40c4e0 387 API calls 86175->86288 86292 47faae 
387 API calls 86176->86292 86178 408f40 VariantClear 86177->86178 86178->86168 86179 42c491 86179->86168 86291 45e737 90 API calls 3 library calls 86179->86291 86295 45e737 90 API calls 3 library calls 86181->86295 86182->86181 86192 40912b 86182->86192 86183 42c4da 86183->86168 86293 45e737 90 API calls 3 library calls 86183->86293 86185->86189 86285 408e80 VariantClear 86185->86285 86294 45e737 90 API calls 3 library calls 86187->86294 86193 408f40 VariantClear 86189->86193 86192->86168 86194 403e10 53 API calls 86192->86194 86193->86168 86195 40914b 86194->86195 86196 408f40 VariantClear 86195->86196 86196->86168 86296 408d90 86197->86296 86199 429778 86342 410c60 VariantClear moneypunct 86199->86342 86201 429780 86202 408cf9 86202->86199 86203 42976c 86202->86203 86205 408d2d 86202->86205 86341 45e737 90 API calls 3 library calls 86203->86341 86313 403d10 86205->86313 86208 408d71 moneypunct 86208->85970 86209 408f40 VariantClear 86210 408d45 moneypunct 86209->86210 86210->86208 86210->86209 86212 40d15f 86211->86212 86214 425c87 86211->86214 86212->85970 86213 425cc7 86214->86213 86215 425ca1 TranslateAcceleratorW 86214->86215 86215->86212 86217 42602f 86216->86217 86220 40d17f 86216->86220 86217->85970 86218 42608e IsDialogMessageW 86219 40d18c 86218->86219 86218->86220 86219->85970 86220->86218 86220->86219 87396 430c46 GetClassLongW 86220->87396 86222->85970 86223->85919 86224->85925 86225->85970 86226->85970 86227->85970 86228->85976 86229->85976 86230->85976 86231->85976 86232->85976 86233->85976 86235 443d51 86234->86235 86236 443d33 _wcslen 86234->86236 87398 433ee0 CreateToolhelp32Snapshot Process32FirstW 86235->87398 86236->86235 86239 443d41 86236->86239 86238 443d59 86238->85976 87397 433d9e 63 API calls 4 library calls 86239->87397 86241 443d49 86241->85976 86242->85976 86244 403cdf 86243->86244 86245 408f40 VariantClear 86244->86245 86246 403ce7 86245->86246 86246->85963 86247->85976 86248->85976 86249->85970 86250->85916 86251->86090 86253 453439 
86252->86253 86254 453419 86252->86254 86253->86094 86255 45342f 86254->86255 86277 4531b1 85 API calls 5 library calls 86254->86277 86255->86094 86257 453425 86257->86094 86258->86100 86259->86102 86261 46fe66 86260->86261 86262 46fe41 86260->86262 86261->86108 86264 46fe59 86262->86264 86278 40e1c0 VariantClear moneypunct 86262->86278 86264->86108 86265->86093 86267 401b16 _wcslen 86266->86267 86268 4115d7 52 API calls 86267->86268 86271 401b63 86267->86271 86269 401b4b _memmove 86268->86269 86270 4115d7 52 API calls 86269->86270 86270->86271 86271->86107 86272->86132 86273->86133 86274->86093 86275->86120 86277->86257 86278->86262 86279->86140 86280->86144 86281->86159 86282->86161 86283->86148 86284->86175 86285->86189 86286->86175 86287->86168 86288->86175 86289->86168 86290->86179 86291->86168 86292->86183 86293->86168 86294->86168 86295->86177 86297 4289d2 86296->86297 86298 408db3 86296->86298 86347 45e737 90 API calls 3 library calls 86297->86347 86343 40bec0 86298->86343 86301 4289e5 86348 45e737 90 API calls 3 library calls 86301->86348 86302 408e6c 86302->86202 86304 40ba10 52 API calls 86306 408dc9 86304->86306 86305 428a05 86307 408f40 VariantClear 86305->86307 86306->86301 86306->86302 86306->86304 86306->86305 86308 40a780 387 API calls 86306->86308 86309 408e64 86306->86309 86311 408f40 VariantClear 86306->86311 86312 408e5a 86306->86312 86307->86302 86308->86306 86310 408f40 VariantClear 86309->86310 86310->86302 86311->86306 86312->86202 86314 408f40 VariantClear 86313->86314 86315 403d20 86314->86315 86316 403cd0 VariantClear 86315->86316 86317 403d4d 86316->86317 86350 457e3f 86317->86350 86361 46cef3 86317->86361 86403 45e17d 86317->86403 86413 46beb2 86317->86413 86486 46f993 86317->86486 86525 40d3b0 86317->86525 86532 467897 86317->86532 86574 432fee OpenSCManagerW 86317->86574 86581 4653c8 86317->86581 86599 47ac6d 86317->86599 86614 476d8d GetCursorPos GetForegroundWindow 86317->86614 86632 4589ac WSAStartup 86317->86632 86636 4755ad 
86317->86636 86639 45c8c1 86317->86639 86646 46d402 86317->86646 86665 46d1a6 86317->86665 86675 45a3fe 86317->86675 86678 47b1db 86317->86678 86685 45cc7a 86317->86685 86699 4589fe 86317->86699 86709 45c8fc 86317->86709 86716 46e91c 86317->86716 86318 403d76 86318->86199 86318->86210 86341->86199 86342->86201 86344 40bed0 86343->86344 86345 40bef2 86344->86345 86349 45e737 90 API calls 3 library calls 86344->86349 86345->86306 86347->86301 86348->86305 86349->86345 86351 45340c 85 API calls 86350->86351 86352 457e61 86351->86352 86353 443d19 67 API calls 86352->86353 86354 457e67 86353->86354 86355 457e71 86354->86355 86356 457e9d 86354->86356 86357 408f40 VariantClear 86355->86357 86358 408f40 VariantClear 86356->86358 86359 457e76 86357->86359 86360 457ea2 86358->86360 86359->86318 86360->86318 86362 45340c 85 API calls 86361->86362 86363 46cf16 86362->86363 86364 40bc70 52 API calls 86363->86364 86365 46cf23 86364->86365 86366 40bc70 52 API calls 86365->86366 86367 46cf41 86366->86367 86719 40e710 86367->86719 86370 46cf70 _wcslen 86372 46cf85 86370->86372 86373 46d0f2 86370->86373 86371 46cf61 OleInitialize 86371->86370 86730 4339fa 86372->86730 86375 46d119 GetActiveObject 86373->86375 86377 45340c 85 API calls 86373->86377 86404 45e198 86403->86404 86405 45e19c 86404->86405 86406 45e1b8 86404->86406 86407 408f40 VariantClear 86405->86407 86408 45e1cc 86406->86408 86409 45e1db FindClose 86406->86409 86410 45e1a4 86407->86410 86411 45e1d9 moneypunct 86408->86411 86747 44ae3e 86408->86747 86409->86411 86410->86318 86411->86318 86414 40bc70 52 API calls 86413->86414 86415 46bed3 86414->86415 86416 40bc70 52 API calls 86415->86416 86417 46bedc 86416->86417 86418 40bc70 52 API calls 86417->86418 86419 46bee5 86418->86419 86420 40e710 53 API calls 86419->86420 86421 46bef2 86420->86421 86422 45340c 85 API calls 86421->86422 86423 46bf00 86422->86423 86424 401b10 52 API calls 86423->86424 86425 46bf0c 86424->86425 86762 463980 86425->86762 86487 40e710 53 API calls 
86486->86487 86488 46f9ba 86487->86488 86489 4115d7 52 API calls 86488->86489 86497 46fa26 86488->86497 86490 46f9d3 86489->86490 86491 46f9df 86490->86491 86834 40da60 53 API calls 86490->86834 86835 4533eb 86491->86835 86492 46fa38 86492->86318 86497->86492 86499 46fa7a 86497->86499 86820 44c285 86497->86820 86500 46fb17 86499->86500 86501 46fa99 86499->86501 86504 40bc70 52 API calls 86500->86504 86503 4115d7 52 API calls 86501->86503 86507 46fa9f 86503->86507 86508 46fb20 86504->86508 86510 46fab6 86507->86510 86851 443ee5 ReadFile SetFilePointerEx 86507->86851 86823 46ea94 86508->86823 86520 46faba moneypunct 86510->86520 86852 453132 53 API calls __localtime64_s 86510->86852 86514 46fb30 86514->86520 86853 40e6a0 53 API calls 86514->86853 86515 46faea _memmove 86519 403cd0 VariantClear 86515->86519 86517 46fb52 86518 403cd0 VariantClear 86517->86518 86518->86520 86519->86520 86521 46fb99 86520->86521 86522 40da20 CloseHandle 86520->86522 86521->86318 86523 46fb8b 86522->86523 86524 44ae3e CloseHandle 86523->86524 86524->86521 86526 40d3c4 86525->86526 86527 40d3cc timeGetTime 86526->86527 86528 42e19d Sleep 86526->86528 86529 40d3e2 86527->86529 86530 4091e0 385 API calls 86529->86530 86531 40d3fb 86530->86531 86531->86318 86533 4678bb 86532->86533 86534 467947 86533->86534 86537 45340c 85 API calls 86533->86537 86535 4115d7 52 API calls 86534->86535 86562 467964 86534->86562 86536 467989 86535->86536 86538 467995 86536->86538 86999 40da60 53 API calls 86536->86999 86539 4678f6 86537->86539 86543 4533eb 85 API calls 86538->86543 86541 413a0e __wsplitpath 46 API calls 86539->86541 86542 4678fc 86541->86542 86545 401b10 52 API calls 86542->86545 86544 4679b7 86543->86544 86546 40de40 60 API calls 86544->86546 86547 46790c 86545->86547 86548 4679c3 86546->86548 86984 40d200 52 API calls 2 library calls 86547->86984 86550 4679c7 GetLastError 86548->86550 86551 467a05 86548->86551 86553 403cd0 VariantClear 86550->86553 86554 467a2c 86551->86554 86555 467a4b 
86551->86555 86552 467917 86552->86534 86557 4339fa 3 API calls 86552->86557 86556 4679dc 86553->86556 86558 4115d7 52 API calls 86554->86558 86559 4115d7 52 API calls 86555->86559 86560 4679e6 86556->86560 86565 44ae3e CloseHandle 86556->86565 86561 467928 86557->86561 86563 467a31 86558->86563 86564 467a49 86559->86564 86566 408f40 VariantClear 86560->86566 86561->86534 86985 4335cd 86561->86985 86562->86318 87000 436299 52 API calls 2 library calls 86563->87000 86570 408f40 VariantClear 86564->86570 86565->86560 86569 4679ed 86566->86569 86569->86318 86572 467a88 86570->86572 86571 467939 86571->86534 86573 408f40 VariantClear 86571->86573 86572->86318 86573->86534 86575 433004 LockServiceDatabase 86574->86575 86576 43303a 86574->86576 86577 433024 GetLastError 86575->86577 86578 43300f UnlockServiceDatabase CloseServiceHandle 86575->86578 86576->86318 86579 433033 CloseServiceHandle 86577->86579 86580 433031 86577->86580 86578->86318 86579->86576 86580->86579 86582 4653e2 86581->86582 86583 4533eb 85 API calls 86582->86583 86584 4653e9 86583->86584 87005 465225 86584->87005 86586 4653f4 86587 4653f8 socket 86586->86587 86591 465420 86586->86591 86588 46543f connect 86587->86588 86589 46540b WSAGetLastError 86587->86589 86593 465450 86588->86593 86594 46546b WSAGetLastError 86588->86594 86589->86591 86590 408f40 VariantClear 86592 465428 86590->86592 86591->86590 86592->86318 86595 408f40 VariantClear 86593->86595 87011 403c90 86594->87011 86597 465458 86595->86597 86597->86318 86598 465480 closesocket 86598->86591 87014 471f53 86599->87014 86601 47ac84 87025 46f3c1 86601->87025 86603 47ac8c 86604 47acc2 86603->86604 86605 47ac90 86603->86605 86606 40bc70 52 API calls 86604->86606 86607 408f40 VariantClear 86605->86607 86608 47accb 86606->86608 86609 47acab 86607->86609 87041 461383 86608->87041 86609->86318 87130 43137e 86614->87130 86616 476db9 86617 476dd2 86616->86617 86625 476e2d 86616->86625 87135 40e830 53 API calls 86617->87135 86619 476de0 87136 40cf00 
Execution Graph

The interactive call-graph rendering (a node/edge dump of basic-block addresses such as 46d429 -> 46d437) is not reproducible as text. The Win32 and CRT routines referenced by the graph nodes of 7uJ95NO82G.exe are listed below, grouped by what they do:

Networking: gethostbyname, inet_ntoa, inet_addr, htons, send, closesocket, WSAGetLastError
File system: CreateFileW, WriteFile, SetFilePointerEx, CloseHandle, GetFileAttributesW, CreateDirectoryW, GetCurrentDirectoryW, GetFileType, GetStdHandle, SetHandleCount
Registry: RegOpenKeyExW, RegQueryValueExW, RegCloseKey
Process and host information: Process32NextW, GetVersionExW, GetSystemInfo, GetNativeSystemInfo, GetUserNameW, SHGetFolderPathW, GetLocalTime, GetSystemTimeAsFileTime, GetCurrentProcess, GetCurrentThreadId, GetCommandLineW, GetModuleFileNameW, GetModuleHandleW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStartupInfoW, SystemParametersInfoW
Dynamic API resolution: LoadLibraryA, GetProcAddress, FreeLibrary
File version information: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Window and UI: SetWindowTextW, IsWindow, GetWindowRect, ClientToScreen
Threads, heap and synchronisation: CreateThread, HeapCreate, HeapAlloc, RtlFreeHeap, TlsAlloc, TlsSetValue, Sleep, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection
Error handling and debugging: IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, ExitProcess, RaiseException, GetLastError
Strings and COM automation: WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, lstrcmpiW, VariantInit, VariantClear, SysFreeString
MSVC CRT internals: _wcslen, _memmove, _wcscat, _wcscpy, _wcsncpy, __wcsicoll, __localtime64_s, _strftime, __wsplitpath, __wcstoi64, wcstoxl, __cinit, __getptd_noexit, __dosmaperr, __call_reportfault, _malloc, _free

Note that IsDebuggerPresent, SetUnhandledExceptionFilter and UnhandledExceptionFilter appear in the graph next to __call_reportfault, and the GetModuleHandleW/GetProcAddress cluster at 417c3d sits in CRT start-up code; those occurrences are runtime behaviour rather than evidence of the sample's own anti-debugging logic.
              APIs
              • _wcslen.LIBCMT ref: 004096C1
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • _memmove.LIBCMT ref: 0040970C
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
              • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
              • _memmove.LIBCMT ref: 00409D96
              • _memmove.LIBCMT ref: 0040A6C4
              • _memmove.LIBCMT ref: 004297E5
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
              • String ID:
              • API String ID: 2383988440-0
              • Opcode ID: bab84ff360c0cffdf535f1041a843a108fd918112f223d2f23c323e7481f7436
              • Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
              • Opcode Fuzzy Hash: bab84ff360c0cffdf535f1041a843a108fd918112f223d2f23c323e7481f7436
              • Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B

              Control-flow Graph

              APIs
              • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\7uJ95NO82G.exe,00000104,?), ref: 00401F4C
                • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
                • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
                • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
                • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
                • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
              • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
              • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\7uJ95NO82G.exe,00000104,?,004A7F50,004A7F54), ref: 0040D625
                • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
              • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
              • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
              • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
              • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
              • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                • Part of subcall function 00410390: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                • Part of subcall function 00410390: RegisterClassExW.USER32(?), ref: 0041045D
                • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcscpy
              • String ID: C:\Users\user\Desktop\7uJ95NO82G.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
              • API String ID: 2495805114-2695070403
              • Opcode ID: 41e582475c413773e3743a4b8e51b79ae17ec4e07ea1e63541618b073f9d51de
              • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
              • Opcode Fuzzy Hash: 41e582475c413773e3743a4b8e51b79ae17ec4e07ea1e63541618b073f9d51de
              • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D

              Control-flow Graph

              APIs
              • GetLocalTime.KERNEL32(?), ref: 004722A2
              • __swprintf.LIBCMT ref: 004722B9
              • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
              • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
              • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
              • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
              • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
              • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
              • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
              • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
              • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FolderPath$LocalTime__swprintf
              • String ID: %.3d
              • API String ID: 3337348382-986655627
              • Opcode ID: a58a57cd5ebc1ace6200ce5e5fba9a5da2eee674366265addf8639f2f8ddc892
              • Instruction ID: 0d137f706e98bab13a4a4c7fcb7914b07bdb7c22a72ec07ab57cd4d47a51df83
              • Opcode Fuzzy Hash: a58a57cd5ebc1ace6200ce5e5fba9a5da2eee674366265addf8639f2f8ddc892
              • Instruction Fuzzy Hash: A6C1EC326101185BD710FBA1DD8AFEE7328EB44701F5045BFF909A60C2DBB99B598F64

              Control-flow Graph

              APIs
              • GetVersionExW.KERNEL32(?), ref: 0040E52A
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
              • GetNativeSystemInfo.KERNEL32(?), ref: 0040E632
              • FreeLibrary.KERNEL32(?), ref: 0040E642
              • FreeLibrary.KERNEL32(?), ref: 0040E654
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
              • String ID: 0SH
              • API String ID: 3363477735-851180471
              • Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
              • Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
              • Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
              • Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
              APIs
              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?), ref: 00433EFD
              • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00433F0D
              • Process32NextW.KERNEL32(00000000,0000022C), ref: 00433F38
              • __wsplitpath.LIBCMT ref: 00433F63
                • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
              • _wcscat.LIBCMT ref: 00433F76
              • __wcsicoll.LIBCMT ref: 00433F86
              • CloseHandle.KERNEL32(00000000), ref: 00433FBF
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
              • String ID:
              • API String ID: 2547909840-0
              • Opcode ID: 182a9fd14032e8e93bb148eed081eedfbc5356b8f5808f875ed41f9760706005
              • Instruction ID: e17d583989bb1df9e9dd6b28cd90faaf4a95b78209a4298828de810110d6b8cb
              • Opcode Fuzzy Hash: 182a9fd14032e8e93bb148eed081eedfbc5356b8f5808f875ed41f9760706005
              • Instruction Fuzzy Hash: 9621EAB2800109ABC721DF50DC84FEEB7B8AB48300F5045DEF60997240EB799B84CFA4
              APIs
              • OleInitialize.OLE32(00000000), ref: 0046CF63
              • _wcslen.LIBCMT ref: 0046CF75
              • CreateBindCtx.OLE32(00000000,?), ref: 0046D01F
              • MkParseDisplayName.OLE32(?,?,?,?), ref: 0046D065
                • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
              • CLSIDFromProgID.OLE32(00000000,?,?), ref: 0046D10B
              • GetActiveObject.OLEAUT32(?,00000000,?), ref: 0046D125
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Variant$Copy$ActiveBindClearCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcslen
              • String ID:
              • API String ID: 2728119192-0
              • Opcode ID: f61fbbea4972f354fdf485375051132769b1db82ff0cc1c8953d76aaf66a3e14
              • Instruction ID: 654cbfa1d8fefa06abeba6563afdd6e3d5f820db169d2b444807b365abf91408
              • Opcode Fuzzy Hash: f61fbbea4972f354fdf485375051132769b1db82ff0cc1c8953d76aaf66a3e14
              • Instruction Fuzzy Hash: 3D815E71604301ABD700EF65DC85F6BB3E8BF88704F10491EF64597291E775E905CB6A
              APIs
              • LoadLibraryA.KERNEL32(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
              • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: AddressLibraryLoadProc
              • String ID: IsThemeActive$uxtheme.dll
              • API String ID: 2574300362-3542929980
              • Opcode ID: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
              • Instruction ID: d0aec1e7cdd3fc231052cfb2f432bc7d0e698e699ac1f50efe2d89ca8b78c0bc
              • Opcode Fuzzy Hash: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
              • Instruction Fuzzy Hash: D6D0C7B49407039AD7305F71C91871B76E47B50751F104C3DF946A1294DB7CD040D768
              APIs
              • GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
              • FindFirstFileW.KERNEL32(?,?), ref: 004339D8
              • FindClose.KERNEL32(00000000), ref: 004339EB
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FileFind$AttributesCloseFirst
              • String ID:
              • API String ID: 48322524-0
              • Opcode ID: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
              • Instruction ID: b419dbaef297d354eb99830e4178f101d1a7f75c7260f3cbf0392e7d05c3e8e7
              • Opcode Fuzzy Hash: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
              • Instruction Fuzzy Hash: 22E092328145189B8610AA78AC0D4EE779CDF0A236F100B56FE38C21E0D7B49A9047DA
              APIs
              • GetUserNameW.ADVAPI32(?,?), ref: 00472C51
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: NameUser
              • String ID:
              • API String ID: 2645101109-0
              • Opcode ID: e1f8f42dac8fc42dc827f7d1906d4f9b69e2e30a543b0124fa5ca55585ac3181
              • Instruction ID: cbdb53fe1e94bfc77c89611ca4b62432a5518fa0aa6a76fb1323f8d63e00c007
              • Opcode Fuzzy Hash: e1f8f42dac8fc42dc827f7d1906d4f9b69e2e30a543b0124fa5ca55585ac3181
              • Instruction Fuzzy Hash: C3C04CB5004008EBDB148F50D9889D93B78BB04340F108199B60E95040D7B496C9DBA5
              APIs
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
              • Sleep.KERNEL32(0000000A,?), ref: 004094D1
              • TranslateMessage.USER32(?), ref: 00409556
              • DispatchMessageW.USER32(?), ref: 00409561
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Message$Peek$DispatchSleepTranslate
              • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
              • API String ID: 1762048999-758534266
              • Opcode ID: ec32ca6022fdedc8b551ae3930885828cd619d142efc8d717426ab9c0beb9887
              • Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
              • Opcode Fuzzy Hash: ec32ca6022fdedc8b551ae3930885828cd619d142efc8d717426ab9c0beb9887
              • Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A

              Control-flow Graph

              APIs
              • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 00433A26
              • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000), ref: 00433A4E
              • _wcslen.LIBCMT ref: 00433A55
              • _wcscpy.LIBCMT ref: 00433A7B
              • _wcscat.LIBCMT ref: 00433A9C
              • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00433AC1
              • _wcscat.LIBCMT ref: 00433B0E
              • _wcscat.LIBCMT ref: 00433B15
              • __wcsicoll.LIBCMT ref: 00433B2F
              • _wcsncpy.LIBCMT ref: 00433B45
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
              • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
              • API String ID: 1503153545-1459072770
              • Opcode ID: a84af3f829bfe5e2025a22b5ab77c79a13bb48da870e5023e88e2b7234c21303
              • Instruction ID: bf9a9138137c8e48d15734b0b0bf1383f69a7efb75f9ce998fc77f2ad016157b
              • Opcode Fuzzy Hash: a84af3f829bfe5e2025a22b5ab77c79a13bb48da870e5023e88e2b7234c21303
              • Instruction Fuzzy Hash: D551F672A402043BD610BB269C43EFFB36C9F49715F10055FFE09A6242EA7DEA5183AD

              Control-flow Graph

              APIs
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • GetForegroundWindow.USER32(?,?,?,?,?,?,?), ref: 0046EE79
              • GetForegroundWindow.USER32(?,?,?,?,?,?), ref: 0046F265
              • IsWindow.USER32(?), ref: 0046F29A
              • GetDesktopWindow.USER32 ref: 0046F356
              • EnumChildWindows.USER32(00000000), ref: 0046F35D
              • EnumWindows.USER32(0046130D,?), ref: 0046F365
                • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop_memmove
              • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
              • API String ID: 329138477-1919597938
              • Opcode ID: 7eb0f3ae9a0304a5d069b7ca5d1222961736e80184ced8954434bc01324a9774
              • Instruction ID: 15289122aec5319afe5b60ce0d71565fabc5791e0031d8771947120ab82528ab
              • Opcode Fuzzy Hash: 7eb0f3ae9a0304a5d069b7ca5d1222961736e80184ced8954434bc01324a9774
              • Instruction Fuzzy Hash: 83F10B714143019BDB00FF61D885AAFB3A4BF85308F44496FF94567282E779E909CBA7

              Control-flow Graph

              APIs
              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\7uJ95NO82G.exe,00000104,?), ref: 00401F4C
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • __wcsicoll.LIBCMT ref: 00402007
              • __wcsicoll.LIBCMT ref: 0040201D
              • __wcsicoll.LIBCMT ref: 00402033
                • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
              • __wcsicoll.LIBCMT ref: 00402049
              • _wcscpy.LIBCMT ref: 0040207C
              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\7uJ95NO82G.exe,00000104), ref: 00428B5B
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
              • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\7uJ95NO82G.exe$CMDLINE$CMDLINERAW
              • API String ID: 3948761352-558167069
              • Opcode ID: de7630e39462d0d30620e5d386b824db2ab2692deedf796b652438eb031e1025
              • Instruction ID: a67d1fff980de619c7b08a01c822048bbc87f212fdb5160913ca6de555091b2a
              • Opcode Fuzzy Hash: de7630e39462d0d30620e5d386b824db2ab2692deedf796b652438eb031e1025
              • Instruction Fuzzy Hash: 0E718571D0021A9ACB10EBA1DD456EE7774AF54308F40843FF905772D1EBBC6A49CB99

              Control-flow Graph

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __fread_nolock$_fseek_wcscpy
              • String ID: D)E$D)E$FILE
              • API String ID: 3888824918-361185794
              • Opcode ID: bbb9a7b4761f969ec3dea54db53098c81d7cb11648b9d4801554aeee4ae9a60f
              • Instruction ID: d9efd4ed024b2b159ad8c10c4a9bf0fd337e36d0f3dc2ca46923192c63d65648
              • Opcode Fuzzy Hash: bbb9a7b4761f969ec3dea54db53098c81d7cb11648b9d4801554aeee4ae9a60f
              • Instruction Fuzzy Hash: DC4196B2910204BBEB20EBD5DC81FEF7379AF88704F14455EFA0497281F6799684CBA5

              Control-flow Graph

              APIs
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
              • __wsplitpath.LIBCMT ref: 0040E41C
                • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
              • _wcsncat.LIBCMT ref: 0040E433
              • __wmakepath.LIBCMT ref: 0040E44F
                • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
              • _wcscpy.LIBCMT ref: 0040E487
                • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
              • _wcscat.LIBCMT ref: 00427541
              • _wcslen.LIBCMT ref: 00427551
              • _wcslen.LIBCMT ref: 00427562
              • _wcscat.LIBCMT ref: 0042757C
              • _wcsncpy.LIBCMT ref: 004275BC
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
              • String ID: Include$\
              • API String ID: 3173733714-3429789819
              • Opcode ID: 5136d7da9c5bf0073b955d23f62714139c06d959485249d800a179de7f9c53a6
              • Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
              • Opcode Fuzzy Hash: 5136d7da9c5bf0073b955d23f62714139c06d959485249d800a179de7f9c53a6
              • Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E

              Control-flow Graph

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcscpy$Cleanup$Startup_memmove_strcatgethostbynamegethostnameinet_ntoa
              • String ID: 0.0.0.0
              • API String ID: 1965227024-3771769585
              • Opcode ID: 076f4e753302d8e1360c69636e2804f45f3b9e513b8bc5fd0a6f442411ef1df6
              • Instruction ID: 28916de6e65f37ac85efecafd260a3a31c9a3caf28ae6c56f7260ddb0d4b80cb
              • Opcode Fuzzy Hash: 076f4e753302d8e1360c69636e2804f45f3b9e513b8bc5fd0a6f442411ef1df6
              • Instruction Fuzzy Hash: 4F213A32A00114BBC710AF65DC05EEF736CEF99716F0045AFF90993151EEB99A8187E8

              Control-flow Graph

              APIs
              • _fseek.LIBCMT ref: 0045292B
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
              • __fread_nolock.LIBCMT ref: 00452961
              • __fread_nolock.LIBCMT ref: 00452971
              • __fread_nolock.LIBCMT ref: 0045298A
              • __fread_nolock.LIBCMT ref: 004529A5
              • _fseek.LIBCMT ref: 004529BF
              • _malloc.LIBCMT ref: 004529CA
              • _malloc.LIBCMT ref: 004529D6
              • __fread_nolock.LIBCMT ref: 004529E7
              • _free.LIBCMT ref: 00452A17
              • _free.LIBCMT ref: 00452A20
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
              • String ID:
              • API String ID: 1255752989-0
              • Opcode ID: 5a218435c829d2321405f0f111fa343c554f0bfb103fe72beee7d734b0ea72ca
              • Instruction ID: f7ea06a446360153d9086f7ce944ba4ee1a7a4a6ab52c1fb03413739877f8e55
              • Opcode Fuzzy Hash: 5a218435c829d2321405f0f111fa343c554f0bfb103fe72beee7d734b0ea72ca
              • Instruction Fuzzy Hash: B95111F1900218AFDB60DF65DC81B9A77B9EF88304F0085AEF50CD7241E675AA84CF59

              Control-flow Graph

              APIs
              • GetSysColorBrush.USER32(0000000F), ref: 004104C3
              • RegisterClassExW.USER32(00000030), ref: 004104ED
              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
              • InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
              • LoadIconW.USER32(00400000,000000A9), ref: 00410542
              • ImageList_ReplaceIcon.COMCTL32(00AD7CA0,000000FF,00000000), ref: 00410552
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
              • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
              • API String ID: 2914291525-1005189915
              • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
              • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
              • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
              • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99

              Control-flow Graph

              APIs
              • GetSysColorBrush.USER32(0000000F), ref: 0041039B
              • LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
              • LoadIconW.USER32(?,00000063), ref: 004103C0
              • LoadIconW.USER32(?,000000A4), ref: 004103D3
              • LoadIconW.USER32(?,000000A2), ref: 004103E6
              • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
              • RegisterClassExW.USER32(?), ref: 0041045D
                • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
                • Part of subcall function 00410490: RegisterClassExW.USER32(00000030), ref: 004104ED
                • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
                • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00AD7CA0,000000FF,00000000), ref: 00410552
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
              • String ID: #$0$AutoIt v3
              • API String ID: 423443420-4155596026
              • Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
              • Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
              • Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
              • Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98

              Control-flow Graph

              APIs
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BF8D
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ConnectRegistry_memmove_wcslen
              • String ID:
              • API String ID: 15295421-0
              • Opcode ID: fcc557b5d145bda7a41234848c68b0059db3fb3fa2291f6debca2da08afb315b
              • Instruction ID: 33baa24a15bb30b806ffdc3d4c8c2128b8dbdbb38b4108e5c3e965d5e336c96e
              • Opcode Fuzzy Hash: fcc557b5d145bda7a41234848c68b0059db3fb3fa2291f6debca2da08afb315b
              • Instruction Fuzzy Hash: 89E17471204200ABD714EF69CD85F2BB7E8AF88704F14891EF985DB381D779E941CB9A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _malloc
              • String ID: Default
              • API String ID: 1579825452-753088835
              • Opcode ID: 96b94b5ea291c75f16ccb408ed796c97a1090003cdcd78f997319efbf4763d41
              • Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
              • Opcode Fuzzy Hash: 96b94b5ea291c75f16ccb408ed796c97a1090003cdcd78f997319efbf4763d41
              • Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B

              Control-flow Graph

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __fread_nolock_fseek_memmove_strcat
              • String ID: AU3!$EA06
              • API String ID: 1268643489-2658333250
              • Opcode ID: eec17673349e6d1fef762f4766216b85eb19fa57de04761bf77a8f4232215354
              • Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
              • Opcode Fuzzy Hash: eec17673349e6d1fef762f4766216b85eb19fa57de04761bf77a8f4232215354
              • Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754

              Control-flow Graph: basic-block edge list for the function starting at 00401100 (graph rendering and executed/not-executed colouring omitted)
              APIs
              • DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
              • KillTimer.USER32(?,00000001,?), ref: 004011B9
              • PostQuitMessage.USER32(00000000), ref: 004011CB
              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
              • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
              • CreatePopupMenu.USER32 ref: 00401204
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
              • String ID: TaskbarCreated
              • API String ID: 129472671-2362178303
              • Opcode ID: 3a68920b2457bf0ecdafc1b2be4b40edda77bb20db2372f596e363752a538359
              • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
              • Opcode Fuzzy Hash: 3a68920b2457bf0ecdafc1b2be4b40edda77bb20db2372f596e363752a538359
              • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E
              APIs
                • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
              • _wcslen.LIBCMT ref: 004335F2
              • GetFileAttributesW.KERNEL32(?), ref: 0043361C
              • GetLastError.KERNEL32 ref: 0043362B
              • CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
              • _wcsrchr.LIBCMT ref: 00433666
                • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
              • String ID: \
              • API String ID: 321622961-2967466578
              • Opcode ID: 897f869387bbdbfefa5cc47f9cba77109cd5072a721e491b44cbfa9510de6bb7
              • Instruction ID: 66c6ecc179b40ab72a0151a8d865592f5e80cbeaaa2383c239fb12261b929cf9
              • Opcode Fuzzy Hash: 897f869387bbdbfefa5cc47f9cba77109cd5072a721e491b44cbfa9510de6bb7
              • Instruction Fuzzy Hash: C72129719013146ADF30AF25AC06BEB73AC9B05715F10569AFD18C2241E6799A888BE9
              APIs
              • _malloc.LIBCMT ref: 004115F1
                • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
              • std::exception::exception.LIBCMT ref: 00411626
              • std::exception::exception.LIBCMT ref: 00411640
              • __CxxThrowException@8.LIBCMT ref: 00411651
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
              • String ID: ,*H$4*H$@fI
              • API String ID: 615853336-1459471987
              • Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
              • Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
              • Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
              • Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D
              APIs
              • VariantInit.OLEAUT32(?), ref: 0046C96E
                • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Variant$Copy$ClearErrorInitLast
              • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
              • API String ID: 3207048006-625585964
              • Opcode ID: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
              • Instruction ID: 684ba17e2c3ca727561f7970afa8535519679aefa5cdc663b381c32651820a10
              • Opcode Fuzzy Hash: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
              • Instruction Fuzzy Hash: F6A19472600209ABDB10DF99DCC1EFEB3B9FB84714F10852EF604A7281E7B59D458BA5
              APIs
              • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
              • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
              • _wcsncpy.LIBCMT ref: 004102ED
              • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
              • _wcsncpy.LIBCMT ref: 00410340
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcsncpy$DesktopFolderFromListMallocPath
              • String ID: C:\Users\user\Desktop\7uJ95NO82G.exe
              • API String ID: 3170942423-3974920478
              • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
              • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
              • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
              • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4
              APIs
                • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
                • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
                • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
              • KillTimer.USER32(?,?,?,?,?), ref: 004012D3
              • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012E2
              • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
              • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
              • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: IconNotifyShell_$Timer$Kill_wcscpy_wcsncpy
              • String ID:
              • API String ID: 3300667738-0
              • Opcode ID: 98bdb4639f13a2aff9c284aaa5c14a4e0db979becac89074174bb9299657736d
              • Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
              • Opcode Fuzzy Hash: 98bdb4639f13a2aff9c284aaa5c14a4e0db979becac89074174bb9299657736d
              • Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A
              APIs
              • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
              • RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: QueryValue$CloseOpen
              • String ID: Include$Software\AutoIt v3\AutoIt
              • API String ID: 1586453840-614718249
              • Opcode ID: 745ef64aa2fbb9668b51d20dc45e3911ec94e57b8678bed3badf0bc954fa3e05
              • Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
              • Opcode Fuzzy Hash: 745ef64aa2fbb9668b51d20dc45e3911ec94e57b8678bed3badf0bc954fa3e05
              • Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768
              APIs
              • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
              • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
              • ShowWindow.USER32(?,00000000), ref: 004105E4
              • ShowWindow.USER32(?,00000000), ref: 004105EE
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$CreateShow
              • String ID: AutoIt v3$edit
              • API String ID: 1584632944-3779509399
              • Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
              • Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
              • Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
              • Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Variant$Copy$ClearErrorLast
              • String ID: NULL Pointer assignment$Not an Object type
              • API String ID: 2487901850-572801152
              • Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
              • Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
              • Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
              • Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
              APIs
              • OpenSCManagerW.SECHOST(00000000,00000000,00000008,004A90E8,14000000,0042E252), ref: 00432FF8
              • LockServiceDatabase.ADVAPI32(00000000), ref: 00433005
              • UnlockServiceDatabase.ADVAPI32(00000000), ref: 00433010
              • CloseServiceHandle.ADVAPI32(00000000), ref: 00433019
              • GetLastError.KERNEL32 ref: 00433024
              • CloseServiceHandle.ADVAPI32(00000000), ref: 00433034
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
              • String ID:
              • API String ID: 1690418490-0
              • Opcode ID: 9e0ba4b1adc52d5e0b1b4f4059e6a78f5324ad2f54c459c37d760db65bd3d172
              • Instruction ID: 735ec6acd85acabf56193826cd071f2489ef818a13be6dc6b3d06c037ab4ab6a
              • Opcode Fuzzy Hash: 9e0ba4b1adc52d5e0b1b4f4059e6a78f5324ad2f54c459c37d760db65bd3d172
              • Instruction Fuzzy Hash: D5E065315822216BD6261B346E4DBCF37A8EB2F752F141827F701D6250CB998445D7A8
              APIs
              • RegOpenKeyExW.KERNEL32(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
              • RegQueryValueExW.KERNEL32(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
              • RegCloseKey.KERNEL32(?), ref: 0040F2B5
              • RegCloseKey.ADVAPI32(?), ref: 0040F2C9
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Close$OpenQueryValue
              • String ID: Control Panel\Mouse
              • API String ID: 1607946009-824357125
              • Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
              • Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
              • Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
              • Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
              APIs
                • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
              • socket.WS2_32(00000002,00000001,00000006,00000000), ref: 004653FE
              • WSAGetLastError.WSOCK32(00000000), ref: 0046540D
              • connect.WS2_32(00000000,?,00000010), ref: 00465446
              • WSAGetLastError.WSOCK32(00000000), ref: 0046546D
              • closesocket.WSOCK32(00000000,00000000), ref: 00465481
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorLast$closesocketconnectinet_addrsocket
              • String ID:
              • API String ID: 245547762-0
              • Opcode ID: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
              • Instruction ID: 0a95abeaf907522bb910ccff47ca5b8cdb65f95d12881c86cce1eb50970c9d0a
              • Opcode Fuzzy Hash: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
              • Instruction Fuzzy Hash: E921F032200510ABD310EF29DC49F6EB7E8EF44725F008A6FF844E72D1DBB4A8418B99
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f77df26dc74fc40ac7bf47809af4b9178697b073442c11c01de5ef3306f6c16
              • Instruction ID: c5df29d3d24fc858ebdc5227190e2e918b6fbc7f8fe9fd347d916346834f6d96
              • Opcode Fuzzy Hash: 6f77df26dc74fc40ac7bf47809af4b9178697b073442c11c01de5ef3306f6c16
              • Instruction Fuzzy Hash: 66E17F75600209AFCB04DF98C880EAEB7B9FF88714F10859AE909DB351D775EE45CBA0
              APIs
                • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
              • gethostbyname.WS2_32(?,00000000,?,?), ref: 0046D42D
              • WSAGetLastError.WSOCK32(00000000), ref: 0046D439
              • _memmove.LIBCMT ref: 0046D475
              • inet_ntoa.WSOCK32(?), ref: 0046D481
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ByteCharErrorLastMultiWide_memmovegethostbynameinet_ntoa
              • String ID:
              • API String ID: 2502553879-0
              • Opcode ID: f168bdbdbb7d615cef21c3de22bdeff00a8e5bc1155fca2d0277e4657a4199f2
              • Instruction ID: 24c3f219ec43f49587972b4c28f02db1d16d05b11a5808876a7c02c26e676da9
              • Opcode Fuzzy Hash: f168bdbdbb7d615cef21c3de22bdeff00a8e5bc1155fca2d0277e4657a4199f2
              • Instruction Fuzzy Hash: A7216F769001046BC700FBA6DD85C9FB7BCEF48318B10486BFC01B7241DA39EE058BA5
              APIs
                • Part of subcall function 0040F760: _strcat.LIBCMT ref: 0040F786
              • _free.LIBCMT ref: 004295A0
                • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
                • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
                • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
                • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_strcat_wcscat_wcscpy
              • String ID: >>>AUTOIT SCRIPT<<<$C:\Users\user\Desktop\7uJ95NO82G.exe
              • API String ID: 3938964917-51605602
              • Opcode ID: 1008eac38231295969a1b237bd14633a861e1048b01f3a7c163b7d51e544d523
              • Instruction ID: c8289cc7cde30cfde4dff3f83c8481f20f860a5b07fa540731426c520eca24fb
              • Opcode Fuzzy Hash: 1008eac38231295969a1b237bd14633a861e1048b01f3a7c163b7d51e544d523
              • Instruction Fuzzy Hash: 9A919171A00219ABCF04EFA5D8819EE7774BF48314F50452EF915B7391D778EA06CBA8
              APIs
              • GetOpenFileNameW.COMDLG32(?), ref: 0042961B
                • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\7uJ95NO82G.exe,0040F545,C:\Users\user\Desktop\7uJ95NO82G.exe,004A90E8,C:\Users\user\Desktop\7uJ95NO82G.exe,?,0040F545), ref: 0041013C
                • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
                • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
                • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen
              • String ID: X$pWH
              • API String ID: 85490731-941433119
              • Opcode ID: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
              • Instruction ID: b6f0e4d7e30e2857a1e9cc165fafff24640ac0dd2e9829c062eaf90218724cbe
              • Opcode Fuzzy Hash: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
              • Instruction Fuzzy Hash: 1F118AB0A00244ABDB11EFD9DC457DEBBF95F45304F14842AE504AB392D7FD08498BA9
              Strings
              • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
              • C:\Users\user\Desktop\7uJ95NO82G.exe, xrefs: 00410107
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _strcat
              • String ID: >>>AUTOIT NO CMDEXECUTE<<<$C:\Users\user\Desktop\7uJ95NO82G.exe
              • API String ID: 1765576173-2877727657
              • Opcode ID: afbcd64a5de9b9cf0401a7756764eed502eca04e8b93ddfb1cf174919bef9872
              • Instruction ID: e645463cc19bd0c1a49bcabea2d674544a6c2f3c5714d62cb3526a870e150300
              • Opcode Fuzzy Hash: afbcd64a5de9b9cf0401a7756764eed502eca04e8b93ddfb1cf174919bef9872
              • Instruction Fuzzy Hash: FBF090B390020D768B00F6E6D942CEFB37C9985704B5006AFA905B3152EA79EA0987B6
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: afcf258d4bd88d8ea756dbb23f6f5e28355c73968809c2117334dc7dbfffea7a
              • Instruction ID: 8c99b1ef877cebc7a747b8a97cc81d83a07aa3771b44d3adc2ea031a64448d8d
              • Opcode Fuzzy Hash: afcf258d4bd88d8ea756dbb23f6f5e28355c73968809c2117334dc7dbfffea7a
              • Instruction Fuzzy Hash: CEF18C716043019FC700DF29C884A5AB7E5FF88318F14C95EF9998B392D7B9E945CB86
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __filbuf__getptd_noexit__read_memcpy_s
              • String ID:
              • API String ID: 1794320848-0
              • Opcode ID: 46bae6a85b22b2e6998b893eef9abdde81a4ff8b830947c69d08c34cc75fe5f8
              • Instruction ID: 2f36134af58cf06217a4581a57f76d3547d7b7b98d7afe96428f3577b7504850
              • Opcode Fuzzy Hash: 46bae6a85b22b2e6998b893eef9abdde81a4ff8b830947c69d08c34cc75fe5f8
              • Instruction Fuzzy Hash: 6C51E631A01208DBCB249F69C9446DFB7B1AFC0364F25826BE43597290E378EED1CB59
              APIs
              • GetCurrentProcess.KERNEL32(00000000,?,00000067,000000FF), ref: 004753C7
              • TerminateProcess.KERNEL32(00000000), ref: 004753CE
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Process$CurrentTerminate
              • String ID:
              • API String ID: 2429186680-0
              • Opcode ID: 0f578ce52da9f9b4c714c296b9d78fbd636f242c945bc8d5a468c0e4c8bdb3ba
              • Instruction ID: dddcdfafc98398d1c0f0a19edd80e49036cf45bbfca44c020541658de01b6296
              • Opcode Fuzzy Hash: 0f578ce52da9f9b4c714c296b9d78fbd636f242c945bc8d5a468c0e4c8bdb3ba
              • Instruction Fuzzy Hash: 2C519D71604301AFC710DF65C881BABB7E5EF88308F14891EF9598B382D7B9D945CB96
              APIs
              • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
                • Part of subcall function 00403B70: _memmove.LIBCMT ref: 00403BA7
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ByteCharMultiWide$_malloc_memmove
              • String ID: \5@
              • API String ID: 961785871-1309314528
              • Opcode ID: 69c1e7cb35058400842bfd687a39f707712e29ae1fecd1c42f56f5b57b6f6b03
              • Instruction ID: cad64edcdcba5d9ec8cd2b6a335bbe98b4fe19d5968b0e5b1ca7a0aa7405deab
              • Opcode Fuzzy Hash: 69c1e7cb35058400842bfd687a39f707712e29ae1fecd1c42f56f5b57b6f6b03
              • Instruction Fuzzy Hash: 7801D6713402007FE714AB669C86F6B7B9CDB85725F14403ABA09DB2D1D9B1ED008365
              APIs
              • _malloc.LIBCMT ref: 0043214B
                • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
              • _malloc.LIBCMT ref: 0043215D
              • _malloc.LIBCMT ref: 0043216F
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _malloc$AllocateHeap
              • String ID:
              • API String ID: 680241177-0
              • Opcode ID: f71c381a9a4e64bea8472010c286ed0a2169748a03ca4327bb91778eef0474c7
              • Instruction ID: dac51259f70ca5acf95ac1b1a30df86389447b5c3122b5fc7e5239b6c816f1c7
              • Opcode Fuzzy Hash: f71c381a9a4e64bea8472010c286ed0a2169748a03ca4327bb91778eef0474c7
              • Instruction Fuzzy Hash: A0F0E273200B142AD2206A6A6DC1BE7B39ADBD4765F00403FFB058A206DAE9988542EC
              APIs
              • TranslateMessage.USER32(?), ref: 00409556
              • DispatchMessageW.USER32(?), ref: 00409561
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Message$DispatchPeekTranslate
              • String ID:
              • API String ID: 4217535847-0
              • Opcode ID: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
              • Instruction ID: 9fbe2eaaa5ffb99098057fa667d4f29c0aa55754a5137076743fac66577e99fa
              • Opcode Fuzzy Hash: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
              • Instruction Fuzzy Hash: D8F05431554300AAE624D7A18D41F9B76A89F98784F40482EB641962E1EB78D444CB5A
              APIs
              • _free.LIBCMT ref: 0043210A
                • Part of subcall function 00413748: RtlFreeHeap.NTDLL(00000000,00000000,?,00417A5A,00000000), ref: 0041375E
                • Part of subcall function 00413748: GetLastError.KERNEL32(00000000,?,00417A5A,00000000), ref: 00413770
              • _free.LIBCMT ref: 0043211D
              • _free.LIBCMT ref: 00432130
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: 471d261c1978e8fd492efb66726f25644d258391566ce7e49abf025be84b45d1
              • Instruction ID: d08fe22c6a524c27e4c6c7bcf1019f14b9a5eff3fc739cf1d41fcb720108e0a5
              • Opcode Fuzzy Hash: 471d261c1978e8fd492efb66726f25644d258391566ce7e49abf025be84b45d1
              • Instruction Fuzzy Hash: 29E092F290071433CD1099219941A87F38C4B15B11F08402AFA15A3301E969FA40C1E9
              APIs
              • __wsplitpath.LIBCMT ref: 004678F7
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • GetLastError.KERNEL32(00000000,00000000), ref: 004679C7
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorLast__wsplitpath_malloc
              • String ID:
              • API String ID: 4163294574-0
              • Opcode ID: 4eb00fd2027c101bc4b6a1a9689c90c0b2ca4839fbf5fc8dc7e3f24fd71574f6
              • Instruction ID: 5ded281afda408fdcd401bf2365ceabb828b89a129c607e264fb1023d06c7d2e
              • Opcode Fuzzy Hash: 4eb00fd2027c101bc4b6a1a9689c90c0b2ca4839fbf5fc8dc7e3f24fd71574f6
              • Instruction Fuzzy Hash: FB5126712083018BD710EF75C881A5BB3E5AF84318F044A6EF9559B381EB39ED09CB97
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 147308135f3b21b59fe2a839e0a41f8f843447f64c0a584686d16692fa5d6b25
              • Instruction ID: 87b54257044150471c739d151235b364616bdb39e4aa39848fe8ade81c39f20a
              • Opcode Fuzzy Hash: 147308135f3b21b59fe2a839e0a41f8f843447f64c0a584686d16692fa5d6b25
              • Instruction Fuzzy Hash: 0E519371A00105EBCB14DFA5C8C1EABB7A8AF48344F1481AEF905AB692D77CED45C798
              APIs
              • GetCursorPos.USER32(?), ref: 00476D9C
              • GetForegroundWindow.USER32 ref: 00476DA2
                • Part of subcall function 0043137E: GetWindowRect.USER32(?,?), ref: 00431399
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$CursorForegroundRect
              • String ID:
              • API String ID: 1066937146-0
              • Opcode ID: 64d5885011cfa2bb1c2cc0e3e3ef3e7a49081bddc9b334e8cb07f4d0956804f9
              • Instruction ID: 55ebd84bf59828257d56c9a3402491d5f12838e90fd89218fbbc030d7b306cc7
              • Opcode Fuzzy Hash: 64d5885011cfa2bb1c2cc0e3e3ef3e7a49081bddc9b334e8cb07f4d0956804f9
              • Instruction Fuzzy Hash: 41310472600204ABDB20EF75C881B9EB3A5FF50318F20896EF944AB381DA76AD408794
              APIs
                • Part of subcall function 0040F6F0: _wcslen.LIBCMT ref: 0040F705
                • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00454478,?,00000000,?,?), ref: 0040F71E
                • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 0040F747
              • _strcat.LIBCMT ref: 0040F786
                • Part of subcall function 0040F850: _strlen.LIBCMT ref: 0040F858
                • Part of subcall function 0040F850: _sprintf.LIBCMT ref: 0040F9AE
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ByteCharMultiWide$_sprintf_strcat_strlen_wcslen
              • String ID:
              • API String ID: 3199840319-0
              • Opcode ID: 5a36e6b5e2fb6cec301f9142ab5f98933a1b4c002c0690edd374388e4f550c38
              • Instruction ID: aac9d08775c2cbfae45fd546c2dd5c585d34072f6b495fb7426f91ad36779b1c
              • Opcode Fuzzy Hash: 5a36e6b5e2fb6cec301f9142ab5f98933a1b4c002c0690edd374388e4f550c38
              • Instruction Fuzzy Hash: 7B2148B260825027D724EF3A9C82A6EF2D4AF85304F14893FF555C22C2F738D554879A
              APIs
              • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 0040D779
              • FreeLibrary.KERNEL32(?), ref: 0040D78E
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FreeInfoLibraryParametersSystem
              • String ID:
              • API String ID: 3403648963-0
              APIs
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 004613AC
              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004613E7
              Similarity
              • API ID: MessageSend$_memmove_wcslen
              • String ID:
              • API String ID: 1589278365-0
              APIs
              • WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,D29EE858,00000000,00000000,00000000,00000000,?,00000000), ref: 0045F699
              Similarity
              • API ID: ByteCharMultiWide
              • String ID:
              • API String ID: 626452242-0
              APIs
              • send.WS2_32(00000000,00000000,00000000,00000000,?,?), ref: 0046D1DE
              • WSAGetLastError.WSOCK32(00000000), ref: 0046D202
              Similarity
              • API ID: ErrorLastsend
              • String ID:
              • API String ID: 1802528911-0
              APIs
              • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
              • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              APIs
              • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • _wcscat.LIBCMT ref: 00428C3F
              Similarity
              • API ID: FullNamePath_memmove_wcscat_wcslen
              • String ID:
              • API String ID: 189345764-0
              APIs
              • closesocket.WS2_32(00000000), ref: 00458A12
              • WSAGetLastError.WSOCK32(00000000), ref: 00458A1E
              Similarity
              • API ID: ErrorLastclosesocket
              • String ID:
              • API String ID: 1278161333-0
              APIs
                • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
              • __lock_file.LIBCMT ref: 00414A8D
                • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
              • __fclose_nolock.LIBCMT ref: 00414A98
              Similarity
              • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
              • String ID:
              • API String ID: 2800547568-0
              APIs
              • timeGetTime.WINMM ref: 0040D3CC
                • Part of subcall function 004091E0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
              • Sleep.KERNEL32(00000000), ref: 0042E19F
              Similarity
              • API ID: MessagePeekSleepTimetime
              • String ID:
              • API String ID: 1792118007-0
              APIs
              • __lock_file.LIBCMT ref: 00415012
              • __ftell_nolock.LIBCMT ref: 0041501F
                • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
              Similarity
              • API ID: __ftell_nolock__getptd_noexit__lock_file
              • String ID:
              • API String ID: 2999321469-0
              APIs
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • _memmove.LIBCMT ref: 0046FAF1
              Similarity
              • API ID: _malloc_memmove
              • String ID:
              • API String ID: 1183979061-0
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              APIs
              Similarity
              • API ID: _memmove
              • String ID:
              • API String ID: 4104443479-0
              APIs
              Similarity
              • API ID: select
              • String ID:
              • API String ID: 1274211008-0
              APIs
              • SetFilePointerEx.KERNEL32(?,?,00002000,00000000,?,?,00002000), ref: 0040E028
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              APIs
              Similarity
              • API ID: _memmove
              • String ID:
              • API String ID: 4104443479-0
              APIs
              • IsWindow.USER32(00000000), ref: 0046F3F1
                • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
              Similarity
              • API ID: Window_memmove
              • String ID:
              • API String ID: 517827167-0
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53ac66c0a220e583b8bd8a833cb4d0ab2488ecf71834bb63135a5f6edfec8b4a
              • Instruction ID: fe3c5e01fee558804f1d0cd68762aa03bf47037873853bda5dcd607d85013340
              • Opcode Fuzzy Hash: 53ac66c0a220e583b8bd8a833cb4d0ab2488ecf71834bb63135a5f6edfec8b4a
              • Instruction Fuzzy Hash: 2D118B352046019FDB10DF69D884E96B3E9AF8A314F14856EFD298B362CB35FC41CB95
              APIs
              • _memmove.LIBCMT ref: 00454193
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _malloc_memmove
              • String ID:
              • API String ID: 1183979061-0
              • Opcode ID: 4b4a0083377cc3002ba412c4040cae9b8dd9ebd9bb40a044e6749de80c961713
              • Instruction ID: b7bf8a3162b370cc582f1269759c4cf98c23818cc852772d4725ff46417d7135
              • Opcode Fuzzy Hash: 4b4a0083377cc3002ba412c4040cae9b8dd9ebd9bb40a044e6749de80c961713
              • Instruction Fuzzy Hash: 0E01F572100A006BD620EF5AD880D9BB7ACEFD6328F10452FF96447202D739B49587A9
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmove
              • String ID:
              • API String ID: 4104443479-0
              • Opcode ID: cc811048919b6c7ef4f74b3c5e4e09013e32bcdf8af6953485ec2d658df6f175
              • Instruction ID: b3e7a1553a36c1faaa82b8edb37567555b022dc72b4cac51b1468238eecc1d4f
              • Opcode Fuzzy Hash: cc811048919b6c7ef4f74b3c5e4e09013e32bcdf8af6953485ec2d658df6f175
              • Instruction Fuzzy Hash: 8E115EB4A006019FD724DF26C881A23B7E5EF48314B14C83EE65BC7791DA38E841CB14
              APIs
              • ReadFile.KERNEL32(00000000,?,00010000,?,00000000,?,?), ref: 00403962
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FileRead
              • String ID:
              • API String ID: 2738559852-0
              • Opcode ID: 1ad996cfe488015177727b18f2e4922818e6f84b1f02dafd4ea7d02e8d251226
              • Instruction ID: 166f8584a356b396cff84430351b18548b9fac1e31d224f9c9bf96d02c5d03dd
              • Opcode Fuzzy Hash: 1ad996cfe488015177727b18f2e4922818e6f84b1f02dafd4ea7d02e8d251226
              • Instruction Fuzzy Hash: 42111CB1200B019FD320CF55C984F27BBF8AB44711F10892ED5AA96B80D7B4FA45CBA4
              APIs
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • _memmove.LIBCMT ref: 0044C1F2
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _malloc_memmove
              • String ID:
              • API String ID: 1183979061-0
              • Opcode ID: 6174b5f4084f8fc72baa1d8dd7588fc34c2bfe1b2951eef2a7f89965291f557d
              • Instruction ID: 60fa024ef6ba522ef03b0058c27b5a86e99fade8cb479355d4b2ad9ce4e818de
              • Opcode Fuzzy Hash: 6174b5f4084f8fc72baa1d8dd7588fc34c2bfe1b2951eef2a7f89965291f557d
              • Instruction Fuzzy Hash: 25017574504640AFD321EF59C841D67B7E9EF99704B14845EF9D687702C675FC02C7A4
              APIs
              • _wcslen.LIBCMT ref: 00441ECD
                • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcslen$_wcscpy
              • String ID:
              • API String ID: 3469035223-0
              • Opcode ID: 611bdd1bce6b08a39b3ffc0a7d572f0eca65f574359c77a1447a2b24e27a2d60
              • Instruction ID: 2fbb190dad4ce56573c0fa61da4d13feb20fc8bc688041f2d473ed6297838154
              • Opcode Fuzzy Hash: 611bdd1bce6b08a39b3ffc0a7d572f0eca65f574359c77a1447a2b24e27a2d60
              • Instruction Fuzzy Hash: 42F03172600204AFD700DF9DEC8199BB3E8EF88725F14812AFA18D7251D6B5ED458BA5
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __lock_file
              • String ID:
              • API String ID: 3031932315-0
              • Opcode ID: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
              • Instruction ID: 324047821ed349453e17c5e7f52af34d31ade4ebcb64e32b23ce3c6ad3b356a0
              • Opcode Fuzzy Hash: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
              • Instruction Fuzzy Hash: FF011E71801219EBCF21AFA5C8028DF7B71AF44764F11851BF824551A1E7398AE2DBD9
              APIs
              • _wcslen.LIBCMT ref: 00443D34
                • Part of subcall function 00433D9E: EnumProcesses.PSAPI(?,00000800,?,?,00443D49,?,?,?,004A8178), ref: 00433DBB
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: EnumProcesses_wcslen
              • String ID:
              • API String ID: 3303492691-0
              • Opcode ID: 61840f1e4be6ab7e74efaef90a4495a36a15179c598b7116193463e31052faad
              • Instruction ID: 973e428d5754fd58bf011f848023120356fa753a79d0ada774503799e32604de
              • Opcode Fuzzy Hash: 61840f1e4be6ab7e74efaef90a4495a36a15179c598b7116193463e31052faad
              • Instruction Fuzzy Hash: 05E0E5B3A010187BEA106A4ABC81DCB735CDBCA72EF040027F60887221E229AE0542F9
              APIs
              • WSAStartup.WSOCK32(00000202,?), ref: 004589C6
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Startup
              • String ID:
              • API String ID: 724789610-0
              • Opcode ID: 7202705a9892f4bd4a2423c339a1cc919efe15e3859c0a303b549491d84c9c0e
              • Instruction ID: 50042109da9cb7071167785bc1ba5dfd020c55d47bb24ccc02d0932d492e023f
              • Opcode Fuzzy Hash: 7202705a9892f4bd4a2423c339a1cc919efe15e3859c0a303b549491d84c9c0e
              • Instruction Fuzzy Hash: E0F0A0372043046FD320EE799C56EAB77ECAF85A20F048A2EBDA4C72C5DA75D904C795
              APIs
              • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,004263D0,?,00487ACC,00000003,0040DE90,?,?,00000001), ref: 00443E54
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: 873a582ac05df194872d3361efdc1b64d97226b1633050e8059638026df5ad0f
              • Instruction ID: f8d6e32d6ecef3e6c51c5ea05c7ff41eb941b2b6d152ec47b845c679c5cedb0e
              • Opcode Fuzzy Hash: 873a582ac05df194872d3361efdc1b64d97226b1633050e8059638026df5ad0f
              • Instruction Fuzzy Hash: 6BE01276100318ABDB10DF98D844FDA77BCEF48765F10891AFA048B200C7B4EA908BE4
              APIs
              • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,?,00002000), ref: 0040E068
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: 2f91a6d7a6c9d76080dcc848e35544f56f2dd8b1f8da7f0a505c2e04f45c5971
              • Instruction ID: 8945df8720cd9eebd038067e403ceee2f4781b994f17f63e488f9437ca0746d3
              • Opcode Fuzzy Hash: 2f91a6d7a6c9d76080dcc848e35544f56f2dd8b1f8da7f0a505c2e04f45c5971
              • Instruction Fuzzy Hash: ACE01275600208BFC704DFA4DC45DAE77B9E748601F008668FD01D7340D671AD5087A5
              APIs
              • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 0043633F
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSendTimeout
              • String ID:
              • API String ID: 1599653421-0
              • Opcode ID: 9860d8fd04dca8f4639475c0e949a449d7e9360e0213879cd93aaa3a815527bf
              • Instruction ID: 404f820d5c191ead8adfbb6f72584c17bf9223e8bc32b4a3dee19ec2549da310
              • Opcode Fuzzy Hash: 9860d8fd04dca8f4639475c0e949a449d7e9360e0213879cd93aaa3a815527bf
              • Instruction Fuzzy Hash: 9BD0C97139030876E7248A659D0BF96375C5710F40F5081257B04A91D0D9A0F5408658
              APIs
              • SetWindowTextW.USER32(?,00000000), ref: 0045A417
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: TextWindow
              • String ID:
              • API String ID: 530164218-0
              • Opcode ID: 39ab12bcd539f566f9dea5a3ededab9ed65a5f16605081fb930bde218f2aabbd
              • Instruction ID: 630e00077c8ae74d59962b812fa4adb9c431e8497940f7c51c81685005244029
              • Opcode Fuzzy Hash: 39ab12bcd539f566f9dea5a3ededab9ed65a5f16605081fb930bde218f2aabbd
              • Instruction Fuzzy Hash: 8BD0C975214204AFC340EBA4DC88C2677ECAB987653418829B804CB222C634FD418BA8
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __wfsopen
              • String ID:
              • API String ID: 197181222-0
              • Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
              • Instruction ID: b34ddb7a850719c89311ce964fc9f65e9e9400c6a390d5c1cbb008c3125e494a
              • Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
              • Instruction Fuzzy Hash: 82C092B244020C77CF112A93EC02F9A3F1E9BC0764F058021FB1C1A162AA77EAA19689
              APIs
              • SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 004725F0
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FolderPath
              • String ID:
              • API String ID: 1514166925-0
              • Opcode ID: 2de512cec78399c0bf4693007645a811ad418ae9abd944a38d33811ad3ab03e9
              • Instruction ID: dc9a77a9ab6d49dacfa1cff77643056435d6e4e9731ad488e59261afbb404366
              • Opcode Fuzzy Hash: 2de512cec78399c0bf4693007645a811ad418ae9abd944a38d33811ad3ab03e9
              • Instruction Fuzzy Hash: 51C09230388204BAF7284B50CE4FFA82220B714F02F204088B70A380C196E069499A2E
              APIs
              • CloseHandle.KERNEL32(?,?,00426FBF), ref: 0040DA3D
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: 4893ac657bcef9b9334a0355bd28ce0f0291ef024a1c9f1561977d8c5be9d70a
              • Instruction ID: 552ddd844a8bbede063c80161f66c4637379340f91e2bb70a518b226642b2913
              • Opcode Fuzzy Hash: 4893ac657bcef9b9334a0355bd28ce0f0291ef024a1c9f1561977d8c5be9d70a
              • Instruction Fuzzy Hash: B9E045B4A04B008BC6308F5BE444416FBF8EEE46203108E1FD4A6C2A64C3B4A1498F50
              APIs
              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C8E1
              • DefDlgProcW.USER32(?,0000004E,?,?), ref: 0047C8FC
              • GetKeyState.USER32(00000011), ref: 0047C92D
              • GetKeyState.USER32(00000009), ref: 0047C936
              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C949
              • GetKeyState.USER32(00000010), ref: 0047C953
              • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C967
              • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C993
              • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C9B6
              • _wcsncpy.LIBCMT ref: 0047CA29
              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047CA5A
              • SendMessageW.USER32 ref: 0047CA7F
              • InvalidateRect.USER32(?,00000000,00000001), ref: 0047CADF
              • SendMessageW.USER32(?,00001030,?,0047EA68), ref: 0047CB84
              • ImageList_SetDragCursorImage.COMCTL32(00AD7CA0,00000000,00000000,00000000), ref: 0047CB9B
              • ImageList_BeginDrag.COMCTL32(00AD7CA0,00000000,000000F8,000000F0), ref: 0047CBAC
              • SetCapture.USER32(?), ref: 0047CBB6
              • ClientToScreen.USER32(?,?), ref: 0047CC17
              • ImageList_DragEnter.COMCTL32(00000000,?,?,?,?), ref: 0047CC26
              • ReleaseCapture.USER32 ref: 0047CC3A
              • GetCursorPos.USER32(?), ref: 0047CC72
              • ScreenToClient.USER32(?,?), ref: 0047CC80
              • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CCE6
              • SendMessageW.USER32 ref: 0047CD12
              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CD53
              • SendMessageW.USER32 ref: 0047CD80
              • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0047CD99
              • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0047CDAA
              • GetCursorPos.USER32(?), ref: 0047CDC8
              • ScreenToClient.USER32(?,?), ref: 0047CDD6
              • GetParent.USER32(00000000), ref: 0047CDF7
              • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CE60
              • SendMessageW.USER32 ref: 0047CE93
              • ClientToScreen.USER32(?,?), ref: 0047CEEE
              • TrackPopupMenuEx.USER32(?,00000000,?,?,03161BD8,00000000,?,?,?,?), ref: 0047CF1C
              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CF46
              • SendMessageW.USER32 ref: 0047CF6B
              • ClientToScreen.USER32(?,?), ref: 0047CFB5
              • TrackPopupMenuEx.USER32(?,00000080,?,?,03161BD8,00000000,?,?,?,?), ref: 0047CFE6
              • GetWindowLongW.USER32(?,000000F0), ref: 0047D086
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend$ClientScreen$Image$CursorDragList_State$CaptureLongMenuPopupTrackWindow$BeginEnterInvalidateParentProcRectRelease_wcsncpy
              • String ID: @GUI_DRAGID$F
              • API String ID: 3100379633-4164748364
              • Opcode ID: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
              • Instruction ID: 980357f173c9be8e312ccaa606797ee7157b6525bda81ee0817efdfc4c954517
              • Opcode Fuzzy Hash: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
              • Instruction Fuzzy Hash: F842AD706043419FD714DF28C884FABB7A5FF89700F14865EFA489B291C7B8E846CB5A
              APIs
              • GetForegroundWindow.USER32 ref: 00434420
              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
              • IsIconic.USER32(?), ref: 0043444F
              • ShowWindow.USER32(?,00000009), ref: 0043445C
              • SetForegroundWindow.USER32(?), ref: 0043446A
              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
              • GetCurrentThreadId.KERNEL32 ref: 00434485
              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
              • AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
              • SetForegroundWindow.USER32(00000000), ref: 004344B7
              • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
              • keybd_event.USER32(00000012,00000000), ref: 004344CF
              • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
              • keybd_event.USER32(00000012,00000000), ref: 004344E6
              • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
              • keybd_event.USER32(00000012,00000000), ref: 004344FD
              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
              • keybd_event.USER32(00000012,00000000), ref: 00434514
              • SetForegroundWindow.USER32(00000000), ref: 0043451E
              • AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
              • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
              • String ID: Shell_TrayWnd
              • API String ID: 2889586943-2988720461
              • Opcode ID: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
              • Instruction ID: 0b42b206f44700a00bd4aa1610e9651ae8f7722fee000eb3c659fd44b6abead8
              • Opcode Fuzzy Hash: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
              • Instruction Fuzzy Hash: AD416272640218BFE7205BA4DE4AFBE7B6CDB58B11F10442EFA01EA1D0D6F458419BA9
              APIs
              • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
              • CloseHandle.KERNEL32(?), ref: 004463A0
              • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
              • GetProcessWindowStation.USER32 ref: 004463D1
              • SetProcessWindowStation.USER32(00000000), ref: 004463DB
              • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
              • _wcslen.LIBCMT ref: 00446498
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • _wcsncpy.LIBCMT ref: 004464C0
              • LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
              • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
              • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
              • UnloadUserProfile.USERENV(?,?), ref: 00446555
              • CloseWindowStation.USER32(00000000), ref: 0044656C
              • CloseDesktop.USER32(?), ref: 0044657A
              • SetProcessWindowStation.USER32(?), ref: 00446588
              • CloseHandle.KERNEL32(?), ref: 00446592
              • DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_wcslen_wcsncpy
              • String ID: $@OH$default$winsta0
              • API String ID: 3324942560-3791954436
              • Opcode ID: 085eeb622388294b748572136d8187e04d94cea81b667c114b230f06cc38f87f
              • Instruction ID: a255b9755a473e3b45922b0ee48cea4cb67e1360e8ecd59b8ab49ad27cdc7b44
              • Opcode Fuzzy Hash: 085eeb622388294b748572136d8187e04d94cea81b667c114b230f06cc38f87f
              • Instruction Fuzzy Hash: A28180B0A00209ABEF10CFA5DD4AFAF77B8AF49704F05455EF914A7284D778D901CB69
              APIs
              • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004788E4
              • FindClose.KERNEL32(00000000), ref: 00478924
              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478949
              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478961
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00478989
              • __swprintf.LIBCMT ref: 004789D3
              • __swprintf.LIBCMT ref: 00478A1D
              • __swprintf.LIBCMT ref: 00478A4B
              • __swprintf.LIBCMT ref: 00478A79
                • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 00413314
                • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 0041332C
              • __swprintf.LIBCMT ref: 00478AA7
              • __swprintf.LIBCMT ref: 00478AD5
              • __swprintf.LIBCMT ref: 00478B03
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem
              • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
              • API String ID: 999945258-2428617273
              • Opcode ID: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
              • Instruction ID: 8fd0730747e081185947bc4026d2fd3d0a29cbe563c255e8678d3cf3417a7967
              • Opcode Fuzzy Hash: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
              • Instruction Fuzzy Hash: 32719772204300ABC310EF55CC85FAFB7E9AF88705F504D2FF645962D1E6B9E944875A
              APIs
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
              • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
              • __wsplitpath.LIBCMT ref: 00403492
                • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
              • _wcscpy.LIBCMT ref: 004034A7
              • _wcscat.LIBCMT ref: 004034BC
              • SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
              • _wcscpy.LIBCMT ref: 004035A0
              • _wcslen.LIBCMT ref: 00403623
              • _wcslen.LIBCMT ref: 0040367D
              Strings
              • Unterminated string, xrefs: 00428348
              • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
              • Error opening the file, xrefs: 00428231
              • _, xrefs: 0040371C
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
              • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
              • API String ID: 3393021363-188983378
              • Opcode ID: 1ae11f1dfdeb8dbbdf2f45530bde3e9f5eea01138e7161ab2b5250b7f3660733
              • Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
              • Opcode Fuzzy Hash: 1ae11f1dfdeb8dbbdf2f45530bde3e9f5eea01138e7161ab2b5250b7f3660733
              • Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
              APIs
              • FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
              • GetFileAttributesW.KERNEL32(?), ref: 00431AE7
              • SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
              • FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
              • FindClose.KERNEL32(00000000), ref: 00431B20
              • FindClose.KERNEL32(00000000), ref: 00431B34
              • FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
              • SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
              • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
              • FindClose.KERNEL32(00000000), ref: 00431BCD
              • FindClose.KERNEL32(00000000), ref: 00431BDB
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
              • String ID: *.*
              • API String ID: 1409584000-438819550
              • Opcode ID: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
              • Instruction ID: b696eadadcb8a1627fc7fa6feda0e6e57aab690e04623b9265854ab7309d24dd
              • Opcode Fuzzy Hash: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
              • Instruction Fuzzy Hash: CE41D8726002046BC700EF65DC45EAFB3ACAE89311F04592FF954C3190E7B8E519C7A9
              APIs
              • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
              • __swprintf.LIBCMT ref: 00431C2E
              • _wcslen.LIBCMT ref: 00431C3A
              • CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CreateDirectoryFullNamePath__swprintf_wcslen
              • String ID: :$\$\??\%s
              • API String ID: 2192556992-3457252023
              • Opcode ID: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
              • Instruction ID: 5b8928ca783b893dacbf0721098a8616f59dd17613a34138e213b27d6ec4c177
              • Opcode Fuzzy Hash: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
              • Instruction Fuzzy Hash: EE413E726403186BD720DB54DC45FDFB3BCFF58710F00859AFA0896191EBB49A548BD8
              APIs
              • FindFirstFileW.KERNEL32(?,?), ref: 004428A8
              • FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
              • FindClose.KERNEL32(00000000), ref: 0044291C
              • FindClose.KERNEL32(00000000), ref: 00442930
              • FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
              • SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
              • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
              • FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
              • FindClose.KERNEL32(00000000), ref: 004429D4
                • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
              • FindClose.KERNEL32(00000000), ref: 004429E2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
              • String ID: *.*
              • API String ID: 2640511053-438819550
              • Opcode ID: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
              • Instruction ID: 696d482812dd8bff2d9106dd2d2144e175b5fe2258968c3fd44c1969776f6f9a
              • Opcode Fuzzy Hash: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
              • Instruction Fuzzy Hash: AD410AB2A001186BDB10EBA5ED45FEF73689F89321F50465BFD0493280D6B8DE558BB8
              APIs
              • GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
              • OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
              • GetLastError.KERNEL32 ref: 00433414
              • ExitWindowsEx.USER32(?,00000000), ref: 00433437
              • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
              • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
              • String ID: SeShutdownPrivilege
              • API String ID: 2938487562-3733053543
              • Opcode ID: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
              • Instruction ID: ad32a9094aef850e2966724807b7d50af50c82f056daff98c21d8f44207777ad
              • Opcode Fuzzy Hash: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
              • Instruction Fuzzy Hash: F221C971640205ABF7108FA4EC4EF7FB3ACE708702F144569FE09D51D1D6BA5D408765
              APIs
                • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
              • GetLengthSid.ADVAPI32(?), ref: 004461D0
              • GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
              • GetLengthSid.ADVAPI32(?), ref: 00446241
              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
              • CopySid.ADVAPI32(00000000), ref: 00446271
              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
              • String ID:
              • API String ID: 1255039815-0
              • Opcode ID: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
              • Instruction ID: cbecfdc94e872455e881353a2ef69e95113e06a92746e25f2a634f38edc45108
              • Opcode Fuzzy Hash: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
              • Instruction Fuzzy Hash: C251BC71A00209BBEB10EFA1CD84EEFB778BF49704F01855EF515A7241D6B8DA05CB69
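Four of the records above describe capabilities a triage analyst will want to pivot on: the focus-forcing routine at 00434420 (AttachThreadInput plus keybd_event with VK_MENU 0x12), the token launcher at 0044638E (DuplicateTokenEx, winsta0/default, CreateProcessAsUserW), the SeShutdownPrivilege shutdown routine at 004333CE and the window-station DACL rewrite at 0044618A. Each carries an "API ID", a frequency-ordered token signature of the API names the function calls, which is the key for matching the same routine in other samples. The Python below is an added example, not part of the Joe Sandbox report or of the LodaRAT sample: it rebuilds the API ID from the text of an APIs list and tags a record with the capability its API set implies. The tokenisation rules (CamelCase split, CRT names without capitals kept whole, tokens of three characters or fewer such as Get, Set, Ex, W, Sid dropped, subcall lines counted, frequency groups joined with "$" and ASCII-sorted inside a group) are inferred from the records on this page and are an assumption, not documented Joe Sandbox behaviour; the capability marker sets are my own choice. The two embedded records are copied from the shutdown and token-launcher APIs lists above.

```python
"""Rebuild Joe Sandbox 'API ID' signatures from function-record text and tag the
capability a record implies. Tokenisation rules are inferred from this report's
records (assumption), not documented Joe Sandbox behaviour."""
import re
from collections import Counter

# Records copied from the report's 'APIs' lists (constructed input, embedded so
# the script runs offline); the '• Part of subcall' line is kept on purpose.
SHUTDOWN_RECORD = """
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
• OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
• GetLastError.KERNEL32 ref: 00433414
• ExitWindowsEx.USER32(?,00000000), ref: 00433437
• InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
• SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
"""
RUNAS_RECORD = """
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
• CloseHandle.KERNEL32(?), ref: 004463A0
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
• GetProcessWindowStation.USER32 ref: 004463D1
• SetProcessWindowStation.USER32(00000000), ref: 004463DB
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
• _wcslen.LIBCMT ref: 00446498
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• _wcsncpy.LIBCMT ref: 004464C0
• LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
• CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
• CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
• UnloadUserProfile.USERENV(?,?), ref: 00446555
• CloseWindowStation.USER32(00000000), ref: 0044656C
• CloseDesktop.USER32(?), ref: 0044657A
• SetProcessWindowStation.USER32(?), ref: 00446588
• CloseHandle.KERNEL32(?), ref: 00446592
• DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
"""

# '• [Part of subcall function XXXXXXXX: ]Name.MODULE' with an upper-case module
# suffix; bullet lines of another shape (strings, dump sources) are ignored.
API_LINE = re.compile(
    r"\u2022\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?([^\s(]+?)\.[A-Z][A-Z0-9]*(?=[\s(]|$)")
CAMEL = re.compile(r"[A-Z][^A-Z]*")


def api_names(record):
    """API names in call order, module suffix removed, subcall lines included."""
    return [m.group(1) for m in map(API_LINE.search, record.splitlines()) if m]


def tokens(name):
    """CamelCase parts of a name; names without capitals (CRT helpers such as
    _wcslen or keybd_event) stay whole; parts of three chars or fewer are dropped."""
    parts = CAMEL.findall(name) or [name]
    return [p for p in parts if len(p) > 3]


def api_id(record):
    """Tokens grouped by descending count, ASCII-sorted inside a group, '$'-joined."""
    counts = Counter(t for n in api_names(record) for t in tokens(n))
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


# Capability markers worth pivoting on during triage: my own choice of API sets,
# not Joe Sandbox signature logic. A label fires only if every API is present.
CAPABILITIES = {
    "forces foreground focus (AttachThreadInput + synthetic Alt via keybd_event)":
        {"AttachThreadInput", "keybd_event", "SetForegroundWindow"},
    "starts a process under another user's token":
        {"DuplicateTokenEx", "CreateProcessAsUserW"},
    "shuts down or reboots the host after enabling SeShutdownPrivilege":
        {"AdjustTokenPrivileges", "ExitWindowsEx", "InitiateSystemShutdownExW"},
    "rewrites a window-station or desktop DACL":
        {"SetUserObjectSecurity", "AddAce"},
}


def capabilities(record):
    """Capability labels whose whole API set appears in the record."""
    present = set(api_names(record))
    return [label for label, apis in CAPABILITIES.items() if apis <= present]


if __name__ == "__main__":
    for label, rec in (("shutdown", SHUTDOWN_RECORD), ("runas", RUNAS_RECORD)):
        print(label, api_id(rec), capabilities(rec), sep="\n  ")
```

Running it reproduces the report's own values for both records: "ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows" for the shutdown routine and "StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_wcslen_wcsncpy" for the token launcher, which is what makes the signature usable as a search key across reports. The "String ID" is not rebuilt here: it draws on argument strings (Shell_TrayWnd, SeShutdownPrivilege, the __swprintf formats) that the APIs list does not always show, so the page does not give enough to reconstruct it. When checking the shutdown routine, note that it calls GetLastError straight after AdjustTokenPrivileges: that call returns TRUE even when the privilege was not granted, and ERROR_NOT_ALL_ASSIGNED must be read from GetLastError.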
              APIs
              • __swprintf.LIBCMT ref: 00433073
              • __swprintf.LIBCMT ref: 00433085
              • __wcsicoll.LIBCMT ref: 00433092
              • FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
              • LoadResource.KERNEL32(?,00000000), ref: 004330BD
              • LockResource.KERNEL32(00000000), ref: 004330CA
              • FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
              • LoadResource.KERNEL32(?,00000000), ref: 00433105
              • SizeofResource.KERNEL32(?,00000000), ref: 00433114
              • LockResource.KERNEL32(?), ref: 00433120
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
              • String ID:
              • API String ID: 1158019794-0
              • Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
              • Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
              • Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
              • Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Clipboard$AllocCloseEmptyGlobalOpen
              • String ID:
              • API String ID: 1737998785-0
              • Opcode ID: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
              • Instruction ID: d84b136cee2c902db59abfe4f82a3f409d39725fe24efd6a62fd8a04edebb5dd
              • Opcode Fuzzy Hash: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
              • Instruction Fuzzy Hash: 334114726001119FC310EFA5EC89B5EB7A4FF54315F00856EF909EB3A1EB75A941CB88
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D627
              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
              • GetLastError.KERNEL32 ref: 0045D6BF
              • SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Similarity
              • API ID: Error$Mode$DiskFreeLastSpace
              • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
              • API String ID: 4194297153-14809454
              APIs
              Strings
              Similarity
              • API ID: _memmove$_strncmp
              • String ID: @oH$\$^$h
              • API String ID: 2175499884-3701065813
              APIs
              • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
              • WSAGetLastError.WSOCK32(00000000), ref: 0046531C
              • bind.WSOCK32(00000000,?,00000010), ref: 00465356
              • WSAGetLastError.WSOCK32(00000000), ref: 00465363
              • closesocket.WSOCK32(00000000,00000000), ref: 00465377
              • listen.WSOCK32(00000000,00000005), ref: 00465381
              • WSAGetLastError.WSOCK32(00000000), ref: 004653A9
              • closesocket.WSOCK32(00000000,00000000), ref: 004653BD
              Similarity
              • API ID: ErrorLast$closesocket$bindlistensocket
              • String ID:
              • API String ID: 540024437-0
              Strings
              Similarity
              • API ID:
              • String ID: ERCP$VUUU$VUUU$VUUU$XjH
              • API String ID: 0-2872873767
              APIs
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • FindFirstFileW.KERNEL32(?,?), ref: 004524DF
              • Sleep.KERNEL32(0000000A), ref: 0045250B
              • FindNextFileW.KERNEL32(?,?), ref: 004525E9
              • FindClose.KERNEL32(?), ref: 004525FF
              Strings
              Similarity
              • API ID: Find$File$CloseFirstNextSleep_memmove_wcslen
              • String ID: *.*$\VH
              • API String ID: 2786137511-2657498754
              APIs
              • IsDebuggerPresent.KERNEL32 ref: 00421FC1
              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
              • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
              • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
              • TerminateProcess.KERNEL32(00000000), ref: 00422004
              Strings
              Similarity
              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
              • String ID: pqI
              • API String ID: 2579439406-2459173057
              APIs
              • __wcsicoll.LIBCMT ref: 00433349
              • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 0043335F
              • __wcsicoll.LIBCMT ref: 00433375
              • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043338B
              Strings
              Similarity
              • API ID: __wcsicollmouse_event
              • String ID: DOWN
              • API String ID: 1033544147-711622031
              APIs
              • GetKeyboardState.USER32(?), ref: 0044C3D2
              • SetKeyboardState.USER32(00000080), ref: 0044C3F6
              • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
              • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
              • SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
              Similarity
              • API ID: KeyboardMessagePostState$InputSend
              • String ID:
              • API String ID: 3031425849-0
              APIs
                • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
              • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
              • WSAGetLastError.WSOCK32(00000000), ref: 00476692
              Similarity
              • API ID: ErrorLastinet_addrsocket
              • String ID:
              • API String ID: 4170576061-0
              APIs
                • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
              • IsWindowVisible.USER32 ref: 0047A368
              • IsWindowEnabled.USER32 ref: 0047A378
              • GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385
              • IsIconic.USER32 ref: 0047A393
              • IsZoomed.USER32 ref: 0047A3A1
              Similarity
              • API ID: Window$EnabledForegroundIconicVisibleZoomed
              • String ID:
              • API String ID: 292994002-0
              APIs
                • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
              • CoInitialize.OLE32(00000000), ref: 00478442
              • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B
              • CoUninitialize.OLE32 ref: 0047863C
              Strings
              Similarity
              • API ID: CreateInitializeInstanceUninitialize_wcslen
              • String ID: .lnk
              • API String ID: 886957087-24824748
              APIs
              • OpenClipboard.USER32(?), ref: 0046DCE7
              • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
              • GetClipboardData.USER32(0000000D), ref: 0046DD01
              • CloseClipboard.USER32 ref: 0046DD0D
              • GlobalLock.KERNEL32(00000000), ref: 0046DD37
              • CloseClipboard.USER32 ref: 0046DD41
              • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
              • GetClipboardData.USER32(00000001), ref: 0046DD8D
              • CloseClipboard.USER32 ref: 0046DD99
              Similarity
              • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
              • String ID:
              • API String ID: 15083398-0
              APIs
              Strings
              Similarity
              • API ID: _memmove
              • String ID: U$\
              • API String ID: 4104443479-100911408
              APIs
              • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045CB1F
              • FindNextFileW.KERNEL32(00000000,?), ref: 0045CB7C
              • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CBAB
              Similarity
              • API ID: Find$File$CloseFirstNext
              • String ID:
              • API String ID: 3541575487-0
              APIs
              • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
              • InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
                • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
              Similarity
              • API ID: Internet$AvailableDataErrorFileLastQueryRead
              • String ID:
              • API String ID: 901099227-0
              APIs
              • DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
              Similarity
              • API ID: Proc
              • String ID:
              • API String ID: 2346855178-0
              APIs
              • BlockInput.USER32(00000001), ref: 0045A38B
              Similarity
              • API ID: BlockInput
              • String ID:
              • API String ID: 3456056419-0
              • Opcode ID: 458ede1686394d551c7eb4c8b41db034409c2976cc7efd11918dc51f9e1a79d5
              • Instruction ID: ec784d9e1adcb2c5bdb0852901797f150ca91aa996cd98963819779bf85d9a24
              • Opcode Fuzzy Hash: 458ede1686394d551c7eb4c8b41db034409c2976cc7efd11918dc51f9e1a79d5
              • Instruction Fuzzy Hash: D8E0DF352002029FC300EF66C84495AB7E8EF94368F10883EFD45D7341EA74E80087A6
              APIs
              • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
              Similarity
              • API ID: LogonUser
              • String ID:
              • API String ID: 1244722697-0
              • Opcode ID: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
              • Instruction ID: 7208d1371e48addad7a82bf776aec5a394cd9d1c10cc53d221989696c058f8f6
              • Opcode Fuzzy Hash: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
              • Instruction Fuzzy Hash: 4DE0ECB626460EAFDB04CF68DC42EBF37ADA749710F004618BA16D7280C670E911CA74
              APIs
              • SetUnhandledExceptionFilter.KERNEL32(Function_0001F20E), ref: 0041F255
              Similarity
              • API ID: ExceptionFilterUnhandled
              • String ID:
              • API String ID: 3192549508-0
              • Opcode ID: c60cc95176153529ac13be9fefe03fec559109ed9a450e1086cc56a024ff5f26
              • Instruction ID: fb0c5f5a3ae0de1c345b26270a1521b23addb5e119a177cdcf8b78f668196b28
              • Opcode Fuzzy Hash: c60cc95176153529ac13be9fefe03fec559109ed9a450e1086cc56a024ff5f26
              • Instruction Fuzzy Hash: 8190027625150157470417705E1964925905B5960275108BA6D11C8564DAA98089A619
              Strings
              Similarity
              • API ID:
              • String ID: N@
              • API String ID: 0-1509896676
              • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
              • Instruction ID: 433aa61276291b0397d7e0efaabfbd78b7095b9e612e68cb1662ee3b8c9c8781
              • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
              • Instruction Fuzzy Hash: 48618E71A003259FCB18CF48D584AAEBBF2FF84310F5AC1AED9095B361C7B59955CB88
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
              • Instruction ID: 421b1f2eadcb2952f8febc08502f38db6b120a980ad90a3a21cdce547adf9c29
              • Opcode Fuzzy Hash: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
              • Instruction Fuzzy Hash: 132270B7E5151A9BDB08CE95CC415D9B3A3BBC832471F9129D819E7305EE78BA078BC0
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
              • Instruction ID: 2bcfc4213c201322ab01e918109ed7ba488288358e1fe6702c600853dbf8b640
              • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
              • Instruction Fuzzy Hash: 9CC1B473D0E6B3058B35466D45182BFFE626E91B8031FC392DDD03F399C22AADA196D4
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
              • Instruction ID: 7014f9c6c4bb04029b5f83a2624c32223adacf072d8c068e18a9ecb8bc3ae66d
              • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
              • Instruction Fuzzy Hash: 04C1A473D1A6B2058B36476D05182BFFE626E91B8031FC3D6CCD03F299C22AAD9596D4
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
              • Instruction ID: 878ae001d8650add2b069b622ec184fb54f95ec25c04ba16196e518284591b6f
              • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
              • Instruction Fuzzy Hash: FBC19473D0A6B2068B36476D05582BFFE626E91B8131FC3D2CCD03F299C22AAD9595D4
              APIs
              • DeleteObject.GDI32(?), ref: 0045953B
              • DeleteObject.GDI32(?), ref: 00459551
              • DestroyWindow.USER32(?), ref: 00459563
              • GetDesktopWindow.USER32 ref: 00459581
              • GetWindowRect.USER32(00000000), ref: 00459588
              • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0045969E
              • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004596AC
              • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,00000002,00000007,?,?,?,00000000,00000000), ref: 004596E8
              • GetClientRect.USER32(00000000,?), ref: 004596F8
              • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 0045973B
              • CreateFileW.KERNEL32(00000000,000001F4,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00459760
              • GetFileSize.KERNEL32(00000000,00000000), ref: 0045977B
              • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00459786
              • GlobalLock.KERNEL32(00000000), ref: 0045978F
              • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0045979E
              • GlobalUnlock.KERNEL32(00000000), ref: 004597A5
              • CloseHandle.KERNEL32(00000000), ref: 004597AC
              • CreateStreamOnHGlobal.OLE32(00000000,00000001,000001F4), ref: 004597B9
              • OleLoadPicture.OLEAUT32(000001F4,00000000,00000000,004829F8,00000000), ref: 004597D0
              • GlobalFree.KERNEL32(00000000), ref: 004597E2
              • CopyImage.USER32(50000001,00000000,00000000,00000000,00002000), ref: 0045980E
              • SendMessageW.USER32(00000000,00000172,00000000,50000001), ref: 00459831
              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020), ref: 00459857
              • ShowWindow.USER32(?,00000004), ref: 00459865
              • CreateWindowExW.USER32(00000000,static,00000000,000001F4,50000001,0000000B,0000000B,?,?,?,00000000,00000000), ref: 004598AF
              • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004598C3
              • GetStockObject.GDI32(00000011), ref: 004598CD
              • SelectObject.GDI32(00000000,00000000), ref: 004598D5
              • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004598E5
              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004598EE
              • DeleteDC.GDI32(00000000), ref: 004598F8
              • _wcslen.LIBCMT ref: 00459916
              • _wcscpy.LIBCMT ref: 0045993A
              • CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004599DB
              • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 004599EF
              • GetDC.USER32(00000000), ref: 004599FC
              • SelectObject.GDI32(00000000,?), ref: 00459A0C
              • SelectObject.GDI32(00000000,00000007), ref: 00459A37
              • ReleaseDC.USER32(00000000,00000000), ref: 00459A42
              • MoveWindow.USER32(00000000,0000000B,?,?,00000190,00000001), ref: 00459A5F
              • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00459A6D
              Strings
              Similarity
              • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
              • String ID: $AutoIt v3$DISPLAY$static
              • API String ID: 4040870279-2373415609
              • Opcode ID: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
              • Instruction ID: 0470743097681e939cd033c9659fc80dd101af82a4c7fdd8c03ae3a829a790b9
              • Opcode Fuzzy Hash: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
              • Instruction Fuzzy Hash: 92027D71600204EFDB14DF64CD89FAE7BB9BB48305F108569FA05AB292D7B4ED05CB68
              APIs
              • GetSysColor.USER32(00000012), ref: 0044181E
              • SetTextColor.GDI32(?,?), ref: 00441826
              • GetSysColorBrush.USER32(0000000F), ref: 0044183D
              • GetSysColor.USER32(0000000F), ref: 00441849
              • SetBkColor.GDI32(?,?), ref: 00441864
              • SelectObject.GDI32(?,?), ref: 00441874
              • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
              • GetSysColor.USER32(00000010), ref: 004418B2
              • CreateSolidBrush.GDI32(00000000), ref: 004418B9
              • FrameRect.USER32(?,?,00000000), ref: 004418CA
              • DeleteObject.GDI32(?), ref: 004418D5
              • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
              • FillRect.USER32(?,?,?), ref: 00441970
                • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
              Similarity
              • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
              • String ID:
              • API String ID: 69173610-0
              • Opcode ID: 968320240e9075e600d8cfd58e564eb8809eef9a0291d110b17a3aa458e277f5
              • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
              • Opcode Fuzzy Hash: 968320240e9075e600d8cfd58e564eb8809eef9a0291d110b17a3aa458e277f5
              • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
              APIs
              • DestroyWindow.USER32(?), ref: 004590F2
              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
              • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
              • CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
              • GetClientRect.USER32(00000000,?), ref: 0045924E
              • CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
              • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
              • GetStockObject.GDI32(00000011), ref: 004592AC
              • SelectObject.GDI32(00000000,00000000), ref: 004592B4
              • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
              • DeleteDC.GDI32(00000000), ref: 004592D6
              • CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
              • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
              • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
              • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
              • GetStockObject.GDI32(00000011), ref: 004593D3
              • SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
              • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
              Strings
              Similarity
              • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
              • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
              • API String ID: 2910397461-517079104
              • Opcode ID: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
              • Instruction ID: c5562805fc82c6770b180505aab83e69ed0b4cba248239bed49a3b83ebf26fc7
              • Opcode Fuzzy Hash: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
              • Instruction Fuzzy Hash: 71A18371B40214BFEB14DF64CD8AFAE7769AB44711F208529FB05BB2D1D6B4AD00CB68
              APIs
              Strings
              Similarity
              • API ID: __wcsnicmp
              • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
              • API String ID: 1038674560-3360698832
              • Opcode ID: 60e7c0ccc2de36542d37a783a5f9e034653244a609c45985bfd1ff28648e5169
              • Instruction ID: 9c7d50a5cd0ee83047e92bfb3361563e61671b380f2e7b4b5fccf758bfaba57c
              • Opcode Fuzzy Hash: 60e7c0ccc2de36542d37a783a5f9e034653244a609c45985bfd1ff28648e5169
              • Instruction Fuzzy Hash: B5610670701621B7D711AE219C42FAF335C9F50705F50442BFE05AA286FB7DEE8686AE
              APIs
              • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
              • SetCursor.USER32(00000000), ref: 0043075B
              • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
              • SetCursor.USER32(00000000), ref: 00430773
              • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
              • SetCursor.USER32(00000000), ref: 0043078B
              • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
              • SetCursor.USER32(00000000), ref: 004307A3
              • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
              • SetCursor.USER32(00000000), ref: 004307BB
              • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
              • SetCursor.USER32(00000000), ref: 004307D3
              • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
              • SetCursor.USER32(00000000), ref: 004307EB
              • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
              • SetCursor.USER32(00000000), ref: 00430803
              • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
              • SetCursor.USER32(00000000), ref: 0043081B
              • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
              • SetCursor.USER32(00000000), ref: 00430833
              • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
              • SetCursor.USER32(00000000), ref: 0043084B
              • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
              • SetCursor.USER32(00000000), ref: 00430863
              • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
              • SetCursor.USER32(00000000), ref: 0043087B
              • SetCursor.USER32(00000000), ref: 00430887
              • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
              • SetCursor.USER32(00000000), ref: 0043089F
              Similarity
              • API ID: Cursor$Load
              • String ID:
              • API String ID: 1675784387-0
              • Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
              • Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
              • Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
              • Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
              APIs
              • GetSysColor.USER32(0000000E), ref: 00430913
              • SetTextColor.GDI32(?,00000000), ref: 0043091B
              • GetSysColor.USER32(00000012), ref: 00430933
              • SetTextColor.GDI32(?,?), ref: 0043093B
              • GetSysColorBrush.USER32(0000000F), ref: 0043094E
              • GetSysColor.USER32(0000000F), ref: 00430959
              • CreateSolidBrush.GDI32(?), ref: 00430962
              • GetSysColor.USER32(00000011), ref: 00430979
              • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
              • SelectObject.GDI32(?,00000000), ref: 0043099C
              • SetBkColor.GDI32(?,?), ref: 004309A6
              • SelectObject.GDI32(?,?), ref: 004309B4
              • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
              • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
              • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
              • GetWindowTextW.USER32(00000000,00000000,?), ref: 00430A5A
              • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
              • DrawFocusRect.USER32(?,?), ref: 00430A91
              • GetSysColor.USER32(00000011), ref: 00430A9F
              • SetTextColor.GDI32(?,00000000), ref: 00430AA7
              • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
              • SelectObject.GDI32(?,?), ref: 00430AD0
              • DeleteObject.GDI32(00000105), ref: 00430ADC
              • SelectObject.GDI32(?,?), ref: 00430AE3
              • DeleteObject.GDI32(?), ref: 00430AE9
              • SetTextColor.GDI32(?,?), ref: 00430AF0
              • SetBkColor.GDI32(?,?), ref: 00430AFB
              Similarity
              • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
              • String ID:
              • API String ID: 1582027408-0
              • Opcode ID: 7d19fb6a95213f6405e7b55d16814bafa9afa6be60c0582cc3be53d088e0ce0b
              • Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
              • Opcode Fuzzy Hash: 7d19fb6a95213f6405e7b55d16814bafa9afa6be60c0582cc3be53d088e0ce0b
              • Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
              APIs
              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BAE6
              • RegCreateKeyExW.ADVAPI32(?,?,00000000,00484EA8,00000000,?,00000000,?,?,?), ref: 0046BB40
              • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000), ref: 0046BB8A
              Similarity
              • API ID: CloseConnectCreateRegistry
              • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
              • API String ID: 3217815495-966354055
              • Opcode ID: ef926d5c6d99dcce03ac735c32bffa25c8292cca915351e64d6df0a5ffeeb956
              • Instruction ID: 14c723365299aea1e32a80c9e2d98689f85295d348ed372ee81e16963ac3f886
              • Opcode Fuzzy Hash: ef926d5c6d99dcce03ac735c32bffa25c8292cca915351e64d6df0a5ffeeb956
              • Instruction Fuzzy Hash: BCE18171604200ABD710EF65C885F1BB7E8EF88704F14895EB949DB352D739ED41CBA9
              APIs
              • GetCursorPos.USER32(?), ref: 004566AE
              • GetDesktopWindow.USER32 ref: 004566C3
              • GetWindowRect.USER32(00000000), ref: 004566CA
              • GetWindowLongW.USER32(?,000000F0), ref: 00456722
              • GetWindowLongW.USER32(?,000000F0), ref: 00456735
              • DestroyWindow.USER32(?), ref: 00456746
              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456794
              • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 004567B2
              • SendMessageW.USER32(?,00000418,00000000,?), ref: 004567C6
              • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567D6
              • SendMessageW.USER32(?,00000421,?,?), ref: 004567F6
              • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 0045680C
              • IsWindowVisible.USER32(?), ref: 0045682C
              • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00456848
              • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 0045685C
              • GetWindowRect.USER32(?,?), ref: 00456873
              • MonitorFromPoint.USER32(?,00000001,00000002), ref: 00456891
              • GetMonitorInfoW.USER32(00000000,?), ref: 004568A9
              • CopyRect.USER32(?,?), ref: 004568BE
              • SendMessageW.USER32(?,00000412,00000000), ref: 00456914
              Similarity
              • API ID: MessageSendWindow$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
              • String ID: ($,$tooltips_class32
              • API String ID: 225202481-3320066284
              • Opcode ID: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
              • Instruction ID: fcdb4dd5bfb9c4cfeeadc9569793f3eee26ed74f2078e1bfb0220ba6a1b85fea
              • Opcode Fuzzy Hash: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
              • Instruction Fuzzy Hash: 4CB17170A00205AFDB54DFA4CD85BAEB7B4BF48304F10895DE919BB282D778A949CB58
              APIs
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • GetWindowRect.USER32(?,?), ref: 00471CF7
              • GetClientRect.USER32(?,?), ref: 00471D05
              • GetSystemMetrics.USER32(00000007), ref: 00471D0D
              • GetSystemMetrics.USER32(00000008), ref: 00471D20
              • GetSystemMetrics.USER32(00000004), ref: 00471D42
              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
              • GetSystemMetrics.USER32(00000007), ref: 00471D79
              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471DA3
              • GetSystemMetrics.USER32(00000008), ref: 00471DAB
              • GetSystemMetrics.USER32(00000004), ref: 00471DCF
              • SetRect.USER32(?,00000000,00000000,?,?), ref: 00471DEE
              • AdjustWindowRectEx.USER32(?,?,00000000,00000040), ref: 00471DFF
              • CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
              • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
              • GetClientRect.USER32(?,?), ref: 00471E8A
              • GetStockObject.GDI32(00000011), ref: 00471EA6
              • SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
              • SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
              Similarity
              • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
              • String ID: @$AutoIt v3 GUI
              • API String ID: 867697134-3359773793
              • Opcode ID: f09f2a2b6cca380f9ede19f0122a88a3538efa9583e86f2b72b74e79f194809b
              • Instruction ID: 8cf5fd9e7b0abf2f472dad9b41bae804ea9cb1b32c1b51d65689880f1cfe2d6c
              • Opcode Fuzzy Hash: f09f2a2b6cca380f9ede19f0122a88a3538efa9583e86f2b72b74e79f194809b
              • Instruction Fuzzy Hash: 7DC17F71A402059FDB14DFA8DD85BAF77B4FB58714F10862EFA09A7290DB78A840CB58
              Similarity
              • API ID: __wcsicoll$__wcsnicmp
              • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
              • API String ID: 790654849-32604322
              • Opcode ID: fda3356f9a514e75ac50708b2e0f549657cc7649cef593225b85309bc7d45243
              • Instruction ID: c91e69f26a1c2718e03151092e39642ccf44f92bf630fd0466772f198d10bc2a
              • Opcode Fuzzy Hash: fda3356f9a514e75ac50708b2e0f549657cc7649cef593225b85309bc7d45243
              • Instruction Fuzzy Hash: CA317731A0420966DB10FAA2DD46BAE736C9F15315F20053BBD00BB2D5E7BC6E4587AE
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b537bf701ea12e89650d63974c288d1e235ac3d60868bf3b384b600ba53b304
              • Instruction ID: 62dae473257cc2caee0a49c5626d46440081d624880130feb25903cd50123649
              • Opcode Fuzzy Hash: 7b537bf701ea12e89650d63974c288d1e235ac3d60868bf3b384b600ba53b304
              • Instruction Fuzzy Hash: 84C128727002046BE724CFA8DC46FAFB7A4EF55311F00416AFA05DA2C1EBB99909C795
              APIs
                • Part of subcall function 00442C5A: __time64.LIBCMT ref: 00442C66
              • _fseek.LIBCMT ref: 00452B3B
              • __wsplitpath.LIBCMT ref: 00452B9B
              • _wcscpy.LIBCMT ref: 00452BB0
              • _wcscat.LIBCMT ref: 00452BC5
              • __wsplitpath.LIBCMT ref: 00452BEF
              • _wcscat.LIBCMT ref: 00452C07
              • _wcscat.LIBCMT ref: 00452C1C
              • __fread_nolock.LIBCMT ref: 00452C53
              • __fread_nolock.LIBCMT ref: 00452C64
              • __fread_nolock.LIBCMT ref: 00452C83
              • __fread_nolock.LIBCMT ref: 00452C94
              • __fread_nolock.LIBCMT ref: 00452CB5
              • __fread_nolock.LIBCMT ref: 00452CC6
              • __fread_nolock.LIBCMT ref: 00452CD7
              • __fread_nolock.LIBCMT ref: 00452CE8
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
              • __fread_nolock.LIBCMT ref: 00452D78
              Similarity
              • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
              • String ID:
              • API String ID: 2054058615-0
              • Opcode ID: 16751231f627f523c88f132cda79c50bb15a1bc55685e90069e40721a5715fa4
              • Instruction ID: 04d0e47ed4a2b248740d2851a73093f1b496c65d3ae4d984919b8c0089c9d159
              • Opcode Fuzzy Hash: 16751231f627f523c88f132cda79c50bb15a1bc55685e90069e40721a5715fa4
              • Instruction Fuzzy Hash: 6FC14EB2508340ABD720DF65D881EEFB7E8EFC9704F40492FF68987241E6759548CB66
              APIs
              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
              Similarity
              • API ID: Window
              • String ID: 0
              • API String ID: 2353593579-4108050209
              • Opcode ID: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
              • Instruction ID: 06508bea8339de1511a48146ac1d08a96458f0089f80555ee302a354f7131a6f
              • Opcode Fuzzy Hash: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
              • Instruction Fuzzy Hash: 35B18BB0204341ABF324CF24CC89BABBBE4FB89744F14491EF591962D1DBB8A845CB59
              APIs
              • GetSysColor.USER32(0000000F), ref: 0044A05E
              • GetClientRect.USER32(?,?), ref: 0044A0D1
              • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
              • GetWindowDC.USER32(?), ref: 0044A0F6
              • GetPixel.GDI32(00000000,?,?), ref: 0044A108
              • ReleaseDC.USER32(?,?), ref: 0044A11B
              • GetSysColor.USER32(0000000F), ref: 0044A131
              • GetWindowLongW.USER32(?,000000F0), ref: 0044A140
              • GetSysColor.USER32(0000000F), ref: 0044A14F
              • GetSysColor.USER32(00000005), ref: 0044A15B
              • GetWindowDC.USER32(?), ref: 0044A1BE
              • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
              • GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
              • GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
              • GetPixel.GDI32(00000000,?,?), ref: 0044A21D
              • ReleaseDC.USER32(?,00000000), ref: 0044A229
              • SetBkColor.GDI32(?,00000000), ref: 0044A24C
              • GetSysColor.USER32(00000008), ref: 0044A265
              • SetTextColor.GDI32(?,00000000), ref: 0044A270
              • SetBkMode.GDI32(?,00000001), ref: 0044A282
              • GetStockObject.GDI32(00000005), ref: 0044A28A
              Similarity
              • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
              • String ID:
              • API String ID: 1744303182-0
              • Opcode ID: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
              • Instruction ID: 0380b5c53d8a23173c1b90063483f03488caaf4f58ae5d2001aea5c06c56dff4
              • Opcode Fuzzy Hash: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
              • Instruction Fuzzy Hash: E6612531140101ABE7109F78CC88BAB7764FB46320F14876AFD659B3D0DBB49C529BAA
              APIs
              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
              • __mtterm.LIBCMT ref: 00417C34
                • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
                • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000000,00000000,00410E44,?,00417D96,?,004164DE), ref: 004181B8
                • Part of subcall function 004178FF: _free.LIBCMT ref: 004181BB
                • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000017,00410E44,?,00417D96,?,004164DE), ref: 004181E2
              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
              • TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
              • TlsSetValue.KERNEL32(00000000,?,004164DE), ref: 00417CDC
              • __init_pointers.LIBCMT ref: 00417CE6
              • __calloc_crt.LIBCMT ref: 00417D54
              • GetCurrentThreadId.KERNEL32 ref: 00417D80
              Similarity
              • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
              • API String ID: 4163708885-3819984048
              • Opcode ID: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
              • Instruction ID: ca22d9d2e1075830452d52834408fe47c465c3b6ac2468b12672dd77d4d5938c
              • Opcode Fuzzy Hash: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
              • Instruction Fuzzy Hash: D5315A75808710DECB10AF75BD0865A3EB8BB60764B12093FE914932B0DB7D8881CF9C
              Similarity
              • API ID:
              • String ID: >>>AUTOIT SCRIPT<<<$\
              • API String ID: 0-1896584978
              • Opcode ID: c7b3ca60bbd7daa56e48a85a1f5ff4706a5dc4aec21eac7656b22477555bf00a
              • Instruction ID: daa296ce3da71eb1ea4b2d74bac6de3536c6b190185545f0361092b1072d42a3
              • Opcode Fuzzy Hash: c7b3ca60bbd7daa56e48a85a1f5ff4706a5dc4aec21eac7656b22477555bf00a
              • Instruction Fuzzy Hash: 4081B9B1900204ABCB20EB61CD85FDB73ED9F54304F40859EF505AB142EA39EA85CB99
              Similarity
              • API ID: __wcsicoll$IconLoad
              • String ID: blank$info$question$stop$warning
              • API String ID: 2485277191-404129466
              • Opcode ID: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
              • Instruction ID: a4c8356a5cb7371e963c7ba7671977edd7eb5cf64b0a9c0e84f2fcb3e6131cad
              • Opcode Fuzzy Hash: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
              • Instruction Fuzzy Hash: 9121A732B4021566DB00AB65BC05FEF3358DB98762F040837FA05E2282E3A9A52093BD
              APIs
              • LoadIconW.USER32(?,00000063), ref: 0045464C
              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045465E
              • SetWindowTextW.USER32(?,?), ref: 00454678
              • GetDlgItem.USER32(?,000003EA), ref: 00454690
              • SetWindowTextW.USER32(00000000,?), ref: 00454697
              • GetDlgItem.USER32(?,000003E9), ref: 004546A8
              • SetWindowTextW.USER32(00000000,?), ref: 004546AF
              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004546D1
              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 004546EB
              • GetWindowRect.USER32(?,?), ref: 004546F5
              • SetWindowTextW.USER32(?,?), ref: 00454765
              • GetDesktopWindow.USER32 ref: 0045476F
              • GetWindowRect.USER32(00000000), ref: 00454776
              • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004547C4
              • GetClientRect.USER32(?,?), ref: 004547D2
              • PostMessageW.USER32(?,00000005,00000000,00000080), ref: 004547FC
              • SetTimer.USER32(?,0000040A,?,00000000), ref: 0045483F
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
              • String ID:
              • API String ID: 3869813825-0
              • Opcode ID: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
              • Instruction ID: 23cbb84c7db07f79204f7fb68ef1a354279dd66d41dce19f663d7a5246859b32
              • Opcode Fuzzy Hash: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
              • Instruction Fuzzy Hash: 06619D75A00705ABD720DFA8CE89F6FB7F8AB48705F00491DEA46A7290D778E944CB54
              APIs
              • _wcslen.LIBCMT ref: 00464B28
              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B38
              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B60
              • _wcslen.LIBCMT ref: 00464C28
              • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?), ref: 00464C3C
              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00464C64
              • _wcslen.LIBCMT ref: 00464CBA
              • _wcslen.LIBCMT ref: 00464CD0
              • _wcslen.LIBCMT ref: 00464CEF
              Similarity
              • API ID: _wcslen$Directory$CurrentSystem
              • String ID: D
              • API String ID: 1914653954-2746444292
              • Opcode ID: 4ccf65bb48a79b6662065aea85307188b654a1eefcea2636aab48cd38f0a33f1
              • Instruction ID: cb0983c86ca1fa87ccea60adda1cf5635047c5df12380c224dcb23d097980814
              • Opcode Fuzzy Hash: 4ccf65bb48a79b6662065aea85307188b654a1eefcea2636aab48cd38f0a33f1
              • Instruction Fuzzy Hash: 98E101716043409BD710EF65C845B6BB7E4AFC4308F148D2EF98987392EB39E945CB9A
              Similarity
              • API ID: __wcsicoll
              • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
              • API String ID: 3832890014-4202584635
              • Opcode ID: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
              • Instruction ID: 3b59ed03df0c76d23b576b9f0bbd6b5c96606bf3e4c0b80e5c93e428ec3f30be
              • Opcode Fuzzy Hash: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
              • Instruction Fuzzy Hash: AB117772A4422512E91072657C03BFF219CCF1177AF14487BF90DE5A82FB4EDA9541ED
              APIs
              • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 0046A0C9
              • GetFocus.USER32 ref: 0046A0DD
              • GetDlgCtrlID.USER32(00000000), ref: 0046A0E8
              • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046A13C
              Similarity
              • API ID: MessagePost$CtrlFocus
              • String ID: 0
              • API String ID: 1534620443-4108050209
              • Opcode ID: a13793eeca20873bed0e0cbcd40216c5b8680ae9489207a9283854a311db8931
              • Instruction ID: bf3f5449e9a8ba554bb586fd0597798874618ae7c394ba8af81d11134a55f14d
              • Opcode Fuzzy Hash: a13793eeca20873bed0e0cbcd40216c5b8680ae9489207a9283854a311db8931
              • Instruction Fuzzy Hash: 9791AD71604711AFE710CF14D884BABB7A4FB85314F004A1EF991A7381E7B9D895CBAB
              APIs
              • DestroyWindow.USER32(?), ref: 004558E3
              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0045592C
              Similarity
              • API ID: Window$CreateDestroy
              • String ID: ,$tooltips_class32
              • API String ID: 1109047481-3856767331
              • Opcode ID: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
              • Instruction ID: 3e2a402d8ef05c983ab6a33f0f0d51d253aadf8c8a2d9d50fdabec1795fb524a
              • Opcode Fuzzy Hash: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
              • Instruction Fuzzy Hash: AE71AD71650208AFE720CF58DC84FBA77B8FB59310F20851AFD45AB391DA74AD46CB98
              APIs
              • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
              • GetMenuItemCount.USER32(?), ref: 00468C45
              • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
              • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
              • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
              • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
              • GetMenuItemCount.USER32 ref: 00468CFD
              • SetMenuItemInfoW.USER32(?,00000004,00000000,00000030), ref: 00468D35
              • GetCursorPos.USER32(?), ref: 00468D3F
              • SetForegroundWindow.USER32(?), ref: 00468D49
              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
              • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
              Similarity
              • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
              • String ID: 0
              • API String ID: 1441871840-4108050209
              • Opcode ID: 07587df8a471d518792fccb5aa1665f6bc623426d2a925fe0db1080b86145506
              • Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
              • Opcode Fuzzy Hash: 07587df8a471d518792fccb5aa1665f6bc623426d2a925fe0db1080b86145506
              • Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A
              APIs
              • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
              • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
              • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
              • __swprintf.LIBCMT ref: 00460915
              • __swprintf.LIBCMT ref: 0046092D
              • _wprintf.LIBCMT ref: 004609E1
              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
              Similarity
              • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
              • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
              • API String ID: 3631882475-2268648507
              • Opcode ID: fa3f6862133619af0c8d91bc8d1f7a2e71e3d76ca5879c2374ca29fe6f13d18d
              • Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
              • Opcode Fuzzy Hash: fa3f6862133619af0c8d91bc8d1f7a2e71e3d76ca5879c2374ca29fe6f13d18d
              • Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
              APIs
              • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004716C7
              • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 004716E1
              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00471711
              • SendMessageW.USER32 ref: 00471740
              • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 00471779
              • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0047179A
              • ImageList_Create.COMCTL32(00000020,00000020,00000021,00000000,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 004717B0
              • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 004717D3
              • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004717F8
              • ImageList_ReplaceIcon.COMCTL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 00471807
              • SendMessageW.USER32 ref: 0047184F
              • SendMessageW.USER32(?,0000104C,00000000,00000002), ref: 00471872
              • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00471890
              • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 0047189C
              • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004718A2
              Similarity
              • API ID: MessageSend$Icon$ImageList_$CreateDestroyExtractReplace
              • String ID:
              • API String ID: 4116747274-0
              • Opcode ID: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
              • Instruction ID: aa77b4eb3e0d334a4980849760fe45b072e458157f6a66894e70986bfe60c355
              • Opcode Fuzzy Hash: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
              • Instruction Fuzzy Hash: 39617D75A00209AFEB10DF68CD85FEEB7B4FB48710F10855AF618AB2D0D7B4A981CB54
              APIs
              • GetClassNameW.USER32(?,?,00000100), ref: 00461678
              • _wcslen.LIBCMT ref: 00461683
              • __swprintf.LIBCMT ref: 00461721
              • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00461794
              • GetClassNameW.USER32(?,?,00000400), ref: 00461811
              • GetDlgCtrlID.USER32(?), ref: 00461869
              • GetWindowRect.USER32(?,?), ref: 004618A4
              • GetParent.USER32(?), ref: 004618C3
              • ScreenToClient.USER32(00000000), ref: 004618CA
              • GetClassNameW.USER32(?,?,00000100), ref: 00461941
              • GetWindowTextW.USER32(?,?,00000400), ref: 0046197E
              Similarity
              • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
              • String ID: %s%u
              • API String ID: 1899580136-679674701
              • Opcode ID: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
              • Instruction ID: 362d1c13b2509f288ecdbc272899e32e1bd8f20a7ba75cfa55bfcaf2deda5cb5
              • Opcode Fuzzy Hash: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
              • Instruction Fuzzy Hash: 1DA1B2715043019FDB10DF55C884BAB73A8FF84314F08896EFD899B255E738E94ACBA6
              APIs
              • GetDC.USER32(00000000), ref: 0043143E
              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
              • CreateCompatibleDC.GDI32(00000000), ref: 00431459
              • SelectObject.GDI32(00000000,?), ref: 00431466
              • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
              • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
              Similarity
              • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
              • String ID: (
              • API String ID: 3300687185-3887548279
              • Opcode ID: 65a1b1ff13ae5f7692b5f6e5db2ee7b51e3bf7457fdcd422f9f89af13ec22597
              • Instruction ID: 70523424e9a4c52fdd53d867b9eeb1eac2d89839f103c71a78559f5a5eece38f
              • Opcode Fuzzy Hash: 65a1b1ff13ae5f7692b5f6e5db2ee7b51e3bf7457fdcd422f9f89af13ec22597
              • Instruction Fuzzy Hash: 63514971A00209AFDB14CF98C884FAFBBB8EF49310F10891DFA5997290D774A940CBA4
              APIs
                • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
              • GetDriveTypeW.KERNEL32 ref: 0045DB32
              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBB3
              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBED
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              Similarity
              • API ID: SendString$_wcslen$BuffCharDriveLowerType_memmove
              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
              • API String ID: 1976180769-4113822522
              • Opcode ID: 0f6c8a3de1c9442f7f3474ab6782275dee6e5c09c811d69c53e3fb1fd536eda6
              • Instruction ID: 81dc6b2e9a5b1b7ac5bd11c7175921e379baf9e0c2b27e14ed053c07c028f3b1
              • Opcode Fuzzy Hash: 0f6c8a3de1c9442f7f3474ab6782275dee6e5c09c811d69c53e3fb1fd536eda6
              • Instruction Fuzzy Hash: 75516E715043049FD710EF21C981B5EB3E4BF88304F14896FF995AB292D7B8E909CB5A
              Similarity
              • API ID: _wcslen$_wcsncpy$LocalTime__fassign
              • String ID:
              • API String ID: 461458858-0
              • Opcode ID: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
              • Instruction ID: 9848deb76f2cd1bd94a84263f46e444e1138d8b87e7a9916e51222e649cc75ea
              • Opcode Fuzzy Hash: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
              • Instruction Fuzzy Hash: B1417372D10204B6CF10EFA5C946ADFF3B8DF49314F90885BE909E3121F6B4E65583A9
              APIs
              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
              • GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
              • GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
              • GlobalLock.KERNEL32(00000000), ref: 004300F6
              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
              • GlobalUnlock.KERNEL32(00000000), ref: 0043010C
              • CloseHandle.KERNEL32(00000000), ref: 00430113
              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
              • OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
              • GlobalFree.KERNEL32(00000000), ref: 00430150
              • GetObjectW.GDI32(?,00000018,?), ref: 00430177
              • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004301A8
              • DeleteObject.GDI32(?), ref: 004301D0
              • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
              Similarity
              • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
              • String ID:
              • API String ID: 3969911579-0
              • Opcode ID: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
              • Instruction ID: 40287395d2d29e4935595b2baf4d6657c54b4003bec4d35786bf86d2452689d1
              • Opcode Fuzzy Hash: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
              • Instruction Fuzzy Hash: 41414C75600208AFDB10DF64DD88FAE77B8EF48711F108659FA05AB290D7B5AD01CB68
              Similarity
              • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
              • String ID: 0
              • API String ID: 956284711-4108050209
              • Opcode ID: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
              • Instruction ID: b5af5d15e8ca477bb279da78e69062a53aed449fe0dbaae2e4c2ef00f9b57ed5
              • Opcode Fuzzy Hash: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
              • Instruction Fuzzy Hash: 91412770200601AFD714DF64D9A8B6B77A8BF48302F10896DFD45CB292D778E848CFA9
              APIs
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045F5D5
              • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F5EC
              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045F5FE
              • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045F611
              • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F61E
              • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045F634
              Strings
              Similarity
              • API ID: SendString$_memmove_wcslen
              • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
              • API String ID: 369157077-1007645807
              • Opcode ID: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
              • Instruction ID: e81aaa69409cfefceaf3864659f825962b2ddf67c6d06b6a861a29a56a66176d
              • Opcode Fuzzy Hash: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
              • Instruction Fuzzy Hash: 7F21A83168021D66E720FB95DC46FFE7368AF40700F20087BFA14B71D1DAB4A949879D
              APIs
              • GetParent.USER32 ref: 00445BF8
              • GetClassNameW.USER32(00000000,?,00000100), ref: 00445C0D
              • __wcsicoll.LIBCMT ref: 00445C33
              • __wcsicoll.LIBCMT ref: 00445C4F
              • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445CA9
              Strings
              Similarity
              • API ID: __wcsicoll$ClassMessageNameParentSend
              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
              • API String ID: 3125838495-3381328864
              • Opcode ID: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
              • Instruction ID: b9a51c7f116d0e73852bd225d20f6d8bcb5f39b8f57bd3164038c04ed7d94027
              • Opcode Fuzzy Hash: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
              • Instruction Fuzzy Hash: C6110AB1E447017BFE10BA659D46EBB339C9B54B11F00051BFE44D7242F6ACA94147A9
              APIs
              • SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
              • SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
              • CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
              • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
              • SendMessageW.USER32(?,?,00000000,?), ref: 00449332
              • SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
              • SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
              • SendMessageW.USER32(?,00000402,?), ref: 00449399
              • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
              Similarity
              • API ID: MessageSend$CharNext
              • String ID:
              • API String ID: 1350042424-0
              • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
              • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
              • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
              • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
              APIs
                • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
              • GetDriveTypeW.KERNEL32(?), ref: 004787B9
              • _wcscpy.LIBCMT ref: 004787E5
              Strings
              Similarity
              • API ID: BuffCharDriveLowerType_wcscpy_wcslen
              • String ID: \VH$a$all$cdrom$fixed$network$ramdisk$removable$unknown
              • API String ID: 3052893215-2127371420
              • Opcode ID: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
              • Instruction ID: 541bc2b2506c052d744bcb7e7e177e26c036821b53f5a58429f0f0853ea8de24
              • Opcode Fuzzy Hash: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
              • Instruction Fuzzy Hash: 4761C1716443018BD700EF14CC85B9BB7D4AB84348F14892FF949AB382DB79E94987AB
              APIs
              • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
              • __swprintf.LIBCMT ref: 0045E7F7
              • _wprintf.LIBCMT ref: 0045E8B3
              • _wprintf.LIBCMT ref: 0045E8D7
              Strings
              Similarity
              • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
              • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
              • API String ID: 2295938435-2354261254
              • Opcode ID: 44e01960a33580a095bbf2e3e13559187395cafc70d58b6b713acd2f3f366ced
              • Instruction ID: 453f5dd12ee62c270a242db3517b58e8b6225e49c0ff470bc5072f32437c925c
              • Opcode Fuzzy Hash: 44e01960a33580a095bbf2e3e13559187395cafc70d58b6b713acd2f3f366ced
              • Instruction Fuzzy Hash: 6A519E71A10219ABDB14EB91CC85EEF7778AF44314F14407EF90477292DB78AE49CBA8
              APIs
              Strings
              Similarity
              • API ID: __swprintf_wcscpy$__i64tow__itow
              • String ID: %.15g$0x%p$False$True
              • API String ID: 3038501623-2263619337
              • Opcode ID: 2ce20e6d9579d55740c891b56cbf848a6c8d79a2ef0612a05eaa021a2f41914d
              • Instruction ID: fd507a47f7d2c8f7f5848ea17d112ce969af4838d766d220e6d3988dad71e25c
              • Opcode Fuzzy Hash: 2ce20e6d9579d55740c891b56cbf848a6c8d79a2ef0612a05eaa021a2f41914d
              • Instruction Fuzzy Hash: 264108729001005BDB10EF75DC42FAAB364EF55306F0445ABFE09CB242EA39DA48C79A
              APIs
              • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
              • __swprintf.LIBCMT ref: 0045E5F6
              • _wprintf.LIBCMT ref: 0045E6A3
              • _wprintf.LIBCMT ref: 0045E6C7
              Strings
              Similarity
              • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
              • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
              • API String ID: 2295938435-8599901
              • Opcode ID: 97ebc5a5c228c2a30bddf96a7da616a93a1f5c8b5e746e323a0bc296dbc3a2d1
              • Instruction ID: ff3e2b23dced8a629e5b21f12e79e468b5cd48208a3d74017576322ff0354a8f
              • Opcode Fuzzy Hash: 97ebc5a5c228c2a30bddf96a7da616a93a1f5c8b5e746e323a0bc296dbc3a2d1
              • Instruction Fuzzy Hash: 9A519171D00109ABDB14EBA1C845EEF7778EF44304F50847EF91477292EA78AE49CBA8
              APIs
              • timeGetTime.WINMM ref: 00443B67
                • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
              • Sleep.KERNEL32(0000000A), ref: 00443B9F
              • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00443BC8
              • SetActiveWindow.USER32(00000000), ref: 00443BEC
              • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
              • SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00443C22
              • Sleep.KERNEL32(000000FA), ref: 00443C2D
              • IsWindow.USER32(00000000), ref: 00443C3A
              • EndDialog.USER32(00000000,00000000), ref: 00443C4C
                • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
              • EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
              Strings
              Similarity
              • API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
              • String ID: BUTTON
              • API String ID: 1834419854-3405671355
              • Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
              • Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
              • Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
              • Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
              APIs
              • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
              • LoadStringW.USER32(00000000), ref: 00454040
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • _wprintf.LIBCMT ref: 00454074
              • __swprintf.LIBCMT ref: 004540A3
              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
              Strings
              Similarity
              • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
              • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
              • API String ID: 455036304-4153970271
              • Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
              • Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
              • Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
              • Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
              APIs
              • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
              • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
              • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
              • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
              • _memmove.LIBCMT ref: 00467EB8
              • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
              • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
              • _memmove.LIBCMT ref: 00467F6C
              • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
              • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
              • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
              Similarity
              • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
              • String ID:
              • API String ID: 2170234536-0
              • Opcode ID: 41a2085762b778bd090c4eb4d83ea17da09509ac4ed3f8b2896fc2a1aa5f0729
              • Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
              • Opcode Fuzzy Hash: 41a2085762b778bd090c4eb4d83ea17da09509ac4ed3f8b2896fc2a1aa5f0729
              • Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
              APIs
              • GetKeyboardState.USER32(?), ref: 00453CE0
              • SetKeyboardState.USER32(?), ref: 00453D3B
              • GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
              • GetKeyState.USER32(000000A0), ref: 00453D75
              • GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
              • GetKeyState.USER32(000000A1), ref: 00453DB5
              • GetAsyncKeyState.USER32(00000011), ref: 00453DE1
              • GetKeyState.USER32(00000011), ref: 00453DEF
              • GetAsyncKeyState.USER32(00000012), ref: 00453E18
              • GetKeyState.USER32(00000012), ref: 00453E26
              • GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
              • GetKeyState.USER32(0000005B), ref: 00453E5D
              Similarity
              • API ID: State$Async$Keyboard
              • String ID:
              • API String ID: 541375521-0
              • Opcode ID: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
              • Instruction ID: 009fbf1908f75ed0a62addf5985db529f64a747a45b1090b1102dc3b9208550d
              • Opcode Fuzzy Hash: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
              • Instruction Fuzzy Hash: BC61DD3190478829FB329F6488057EBBBF45F12346F08459ED9C2162C3D7AC6B4CCB65
              APIs
              • GetDlgItem.USER32(?,00000001), ref: 004357DB
              • GetWindowRect.USER32(00000000,?), ref: 004357ED
              • MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
              • GetDlgItem.USER32(?,00000002), ref: 0043586A
              • GetWindowRect.USER32(00000000,?), ref: 0043587C
              • MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
              • GetDlgItem.USER32(?,000003E9), ref: 004358DC
              • GetWindowRect.USER32(00000000,?), ref: 004358EE
              • MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
              • GetDlgItem.USER32(?,000003EA), ref: 00435941
              • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
              • InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
              Similarity
              • API ID: Window$ItemMoveRect$Invalidate
              • String ID:
              • API String ID: 3096461208-0
              • Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
              • Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
              • Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
              • Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
              APIs
              • GetWindowLongW.USER32(?,000000F0), ref: 004714DC
              • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 004714F7
              • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00471510
              • DeleteObject.GDI32(?), ref: 0047151E
              • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,000000F0), ref: 0047152C
              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0047156F
              • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 00471588
              • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004715A9
              • DestroyIcon.USER32(?,?,?,?,?,?,000000F0), ref: 004715CD
              • SendMessageW.USER32(?,000000F7,00000001,?), ref: 004715DC
              • DeleteObject.GDI32(?), ref: 004715EA
              • DestroyIcon.USER32(?,?,000000F7,00000001,?,?,?,?,?,?,000000F0), ref: 004715F8
              Similarity
              • API ID: Icon$DestroyMessageSend$DeleteImageLoadObject$ExtractLongWindow
              • String ID:
              • API String ID: 3218148540-0
              • Opcode ID: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
              • Instruction ID: 6a50b90733f0312424b7b906018c15bc054940e4c1588362709ca6bab20dc4d5
              • Opcode Fuzzy Hash: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
              • Instruction Fuzzy Hash: D2419231740206ABDB209F69DD49FEB77A8EB84711F10452AFA46E72D0DBB4E805C768
              APIs
              Similarity
              • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
              • String ID:
              • API String ID: 136442275-0
              • Opcode ID: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
              • Instruction ID: 55d98b2249b58b9b89d53d2d63704957c70a659fb5fc0040d5683289e7d9fa4f
              • Opcode Fuzzy Hash: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
              • Instruction Fuzzy Hash: C24174B381021C66CB24EB55CC41DEE737DAB98705F0085DEB60963141EA796BC8CFA5
              APIs
              • _wcsncpy.LIBCMT ref: 00467490
              • _wcsncpy.LIBCMT ref: 004674BC
                • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
              • _wcstok.LIBCMT ref: 004674FF
                • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
              • _wcstok.LIBCMT ref: 004675B2
              • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
              • _wcslen.LIBCMT ref: 00467793
              • _wcscpy.LIBCMT ref: 00467641
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • _wcslen.LIBCMT ref: 004677BD
              • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
              Strings
              Similarity
              • API ID: _wcslen$FileName_memmove_wcscpy_wcsncpy_wcstok$OpenSave__getptd
              • String ID: X
              • API String ID: 3104067586-3081909835
              • Opcode ID: 586739b5af10ab6a27040bdf934aaf5c7783a8e579d2e4ee52fa46d4cb7881a6
              • Instruction ID: 683e1e2944aeccc99b179fad4e52216d38d827d7da526ed866e93360804c4864
              • Opcode Fuzzy Hash: 586739b5af10ab6a27040bdf934aaf5c7783a8e579d2e4ee52fa46d4cb7881a6
              • Instruction Fuzzy Hash: 69C1C5306083009BD310FF65C985A5FB7E4AF84318F108D2EF559972A2EB78ED45CB9A
              APIs
              • OleInitialize.OLE32(00000000), ref: 0046CBC7
              • CLSIDFromProgID.OLE32(?,?), ref: 0046CBDF
              • CLSIDFromString.OLE32(?,?), ref: 0046CBF1
              • CoCreateInstance.OLE32(?,?,00000005,00482998,?), ref: 0046CC56
              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
              • _wcslen.LIBCMT ref: 0046CDB0
              • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33
              • CoTaskMemFree.OLE32(?), ref: 0046CE42
              • CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
                • Part of subcall function 00468070: VariantInit.OLEAUT32(00000000), ref: 004680B0
                • Part of subcall function 00468070: VariantCopy.OLEAUT32(00000000,00479A50), ref: 004680BA
                • Part of subcall function 00468070: VariantClear.OLEAUT32 ref: 004680C7
              Strings
              • NULL Pointer assignment, xrefs: 0046CEA6
              Similarity
              • API ID: Variant$CreateFromInitializeInstance$BlanketClearCopyFreeInitProgProxySecurityStringTask_wcslen
              • String ID: NULL Pointer assignment
              • API String ID: 440038798-2785691316
              • Opcode ID: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
              • Instruction ID: 7aab634462a7dbcbf958abac95e41bd58996b502d0213671d322085b5631b432
              • Opcode Fuzzy Hash: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
              • Instruction Fuzzy Hash: 74B13FB1D00229AFDB10DFA5CC85FEEB7B8EF48700F10855AF909A7281EB745A45CB95
              APIs
              • GetClassNameW.USER32(?,?,00000400), ref: 00461056
              • GetWindowTextW.USER32(?,?,00000400), ref: 00461092
              • _wcslen.LIBCMT ref: 004610A3
              • CharUpperBuffW.USER32(?,00000000), ref: 004610B1
              • GetClassNameW.USER32(?,?,00000400), ref: 00461124
              • GetWindowTextW.USER32(?,?,00000400), ref: 0046115D
              • GetClassNameW.USER32(?,?,00000400), ref: 004611A1
              • GetClassNameW.USER32(?,?,00000400), ref: 004611D9
              • GetWindowRect.USER32(?,?), ref: 00461248
                • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
              Strings
              Similarity
              • API ID: ClassName$Window$Text$BuffCharRectUpper_memmove_wcslen
              • String ID: ThumbnailClass
              • API String ID: 4136854206-1241985126
              • Opcode ID: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
              • Instruction ID: 9bdbaadfe46dce382da1609a4111f175dadd43cf518d3c7fb815d390e9d71813
              • Opcode Fuzzy Hash: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
              • Instruction Fuzzy Hash: D991F3715043009FCB14DF51C881BAB77A8EF89719F08895FFD84A6252E738E946CBA7
              APIs
              • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 004718C7
              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00471922
              • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 00471947
              • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 00471960
              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004719E0
              • SendMessageW.USER32(?,0000113F,00000000,00000032), ref: 00471A0D
              • GetClientRect.USER32(?,?), ref: 00471A1A
              • RedrawWindow.USER32(?,?,00000000,00000000), ref: 00471A29
              • DestroyIcon.USER32(?), ref: 00471AF4
              Strings
              Similarity
              • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
              • String ID: 2
              • API String ID: 1331449709-450215437
              • Opcode ID: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
              • Instruction ID: 8a8bfaa361b8e4ad447499ed02e60938d35b352fbee86dd909721fc396438cf5
              • Opcode Fuzzy Hash: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
              • Instruction Fuzzy Hash: 19519070A00209AFDB10CF98CD95BEEB7B5FF49310F10815AEA09AB3A1D7B4AD41CB55
              APIs
              • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
              • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
              • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
              • __swprintf.LIBCMT ref: 00460915
              • __swprintf.LIBCMT ref: 0046092D
              • _wprintf.LIBCMT ref: 004609E1
              Strings
              Similarity
              • API ID: HandleLoadModuleString__swprintf$_memmove_wcslen_wprintf
              • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d:$^ ERROR
              • API String ID: 3054410614-2561132961
              • Opcode ID: 525672c6318f03bf5c80d6cc28fa1f1d99bb47d67e8ddb41e80830938e70613e
              • Instruction ID: 8ea7bd36613c7ff98b4c02c5a019b599898316a67ab96f708308d0ed756dbd7a
              • Opcode Fuzzy Hash: 525672c6318f03bf5c80d6cc28fa1f1d99bb47d67e8ddb41e80830938e70613e
              • Instruction Fuzzy Hash: 654183B29001099BDB00FBD1DC9AAEF7778EF44354F45403AF504B7192EB78AA45CBA9
              APIs
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
              • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
              • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 0045878A
              • CLSIDFromString.OLE32(?,?), ref: 004587B3
              • RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
              • RegCloseKey.ADVAPI32(?), ref: 004587C5
              Strings
              Similarity
              • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_wcslen
              • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
              • API String ID: 600699880-22481851
              • Opcode ID: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
              • Instruction ID: 095cb2d92039a6881e8bf561e9cb0619f72fc8c68408713302cc045b8cca0367
              • Opcode Fuzzy Hash: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
              • Instruction Fuzzy Hash: 58415275D0020DABCB04EBA4DC45ADE77B8EF48304F10846EE914B7291EF78A909CB94
              APIs
              Strings
              Similarity
              • API ID: DestroyWindow
              • String ID: static
              • API String ID: 3375834691-2160076837
              • Opcode ID: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
              • Instruction ID: e571488c54e010bbe3192cf51c39f0d33963e2fa0fa89bc12fd4c8100c345edb
              • Opcode Fuzzy Hash: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
              • Instruction Fuzzy Hash: 2C41B375200205ABDB149F64DC85FEB33A8EF89725F20472AFA15E72C0D7B4E841CB68
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D959
              • GetDriveTypeW.KERNEL32(?,?), ref: 0045D9AB
              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045DA4B
              Strings
              Similarity
              • API ID: ErrorMode$DriveType
              • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$\VH
              • API String ID: 2907320926-3566645568
              • Opcode ID: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
              • Instruction ID: 8c6a7395db7573f60177d60b7e789de744ab79b943898383e565048f237880a7
              • Opcode Fuzzy Hash: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
              • Instruction Fuzzy Hash: B7316E35A042049BCB10FFA9C48595EB771FF88315B1088ABFD05AB392C739DD45CB6A
              APIs
                • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
              • DestroyAcceleratorTable.USER32(?), ref: 0047094A
              • ImageList_Destroy.COMCTL32(?), ref: 004709AD
              • ImageList_Destroy.COMCTL32(?), ref: 004709C5
              • ImageList_Destroy.COMCTL32(?), ref: 004709D5
              • DeleteObject.GDI32(?), ref: 00470A04
              • DestroyIcon.USER32(?), ref: 00470A1C
              • DeleteObject.GDI32(?), ref: 00470A34
              • DestroyWindow.USER32(?), ref: 00470A4C
              • DestroyIcon.USER32(?), ref: 00470A73
              • DestroyIcon.USER32(?), ref: 00470A81
              • KillTimer.USER32(00000000,00000000), ref: 00470B00
              Similarity
              • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateKillRectTableTimerWindow
              • String ID:
              • API String ID: 1237572874-0
              • Opcode ID: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
              • Instruction ID: 3938066daea6daae9dc0c39577387909b3bcb8112bd91d3310d64c2ecda3814a
              • Opcode Fuzzy Hash: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
              • Instruction Fuzzy Hash: 24616874601201CFE714DF65DD94FAA77B8FB6A304B54856EE6098B3A2CB38EC41CB58
              APIs
              • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
              • SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
              • VariantInit.OLEAUT32(?), ref: 004793E1
              • SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
              • VariantCopy.OLEAUT32(?,?), ref: 00479461
              • SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
              • VariantClear.OLEAUT32(?), ref: 00479489
              • SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
              • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
              • VariantClear.OLEAUT32(?), ref: 004794CA
              • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
              Similarity
              • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
              • String ID:
              • API String ID: 2706829360-0
              • Opcode ID: 23f20de2412018a08f4578d4e0f12eac70a18aacfa0f9406534bc12fd33cd3b0
              • Instruction ID: 8c269571b42c1441f814514f03b92edd351012a73d8239c9f379a0a89e1b4ae1
              • Opcode Fuzzy Hash: 23f20de2412018a08f4578d4e0f12eac70a18aacfa0f9406534bc12fd33cd3b0
              • Instruction Fuzzy Hash: F6515E76A00119ABCB00DFA5DD849DEB7B9FF88704F10856EE905A7241DB749E06CBA4
              APIs
              • GetKeyboardState.USER32(?), ref: 0044480E
              • GetAsyncKeyState.USER32(000000A0), ref: 00444899
              • GetKeyState.USER32(000000A0), ref: 004448AA
              • GetAsyncKeyState.USER32(000000A1), ref: 004448C8
              • GetKeyState.USER32(000000A1), ref: 004448D9
              • GetAsyncKeyState.USER32(00000011), ref: 004448F5
              • GetKeyState.USER32(00000011), ref: 00444903
              • GetAsyncKeyState.USER32(00000012), ref: 0044491F
              • GetKeyState.USER32(00000012), ref: 0044492D
              • GetAsyncKeyState.USER32(0000005B), ref: 00444949
              • GetKeyState.USER32(0000005B), ref: 00444958
              Similarity
              • API ID: State$Async$Keyboard
              • String ID:
              • API String ID: 541375521-0
              • Opcode ID: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
              • Instruction ID: 827c2ee343902556a703916e37c968ecd50c133e95067caf6822082f003788d3
              • Opcode Fuzzy Hash: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
              • Instruction Fuzzy Hash: 27412B34A047C969FF31A6A4C8043A7BBA16FA1314F04805FD5C5477C1DBED99C8C7A9
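The report prints every literal operand as raw hex, so the entries above read as opaque numbers: the function at 0044480E pairs GetKeyboardState with GetAsyncKeyState/GetKeyState on 000000A0, 000000A1, 00000011, 00000012 and 0000005B; the function at 00458721 connects a share with WNetAddConnection2W, calls RegConnectRegistryW with 80000002 and RegOpenKeyExW with 00020019 before CLSIDFromString; the function at 0046CBC7 calls CoCreateInstanceEx with 00000015. The script below is an added example, not part of the Joe Sandbox report or of the sample: it parses lines in the report's "APIs" format, names those constants from the Windows SDK headers (virtual-key codes, registry hive handles and access masks, CLSCTX flags) and tags the API combinations an analyst triaging this listing would pivot on. The tag names and the combinations behind them are my own choice; the sample lines are copied from the entries above.

```python
import re
from dataclasses import dataclass, field

# Constants from the Windows SDK headers (winuser.h, winreg.h, winnt.h, objbase.h).
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN", 0x5C: "VK_RWIN",
            0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL", 0xA3: "VK_RCONTROL"}
HIVES = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
KEY_RIGHTS = [(0x20000, "READ_CONTROL"), (0x1, "KEY_QUERY_VALUE"), (0x2, "KEY_SET_VALUE"),
              (0x4, "KEY_CREATE_SUB_KEY"), (0x8, "KEY_ENUMERATE_SUB_KEYS"), (0x10, "KEY_NOTIFY")]
CLSCTX = [(0x1, "CLSCTX_INPROC_SERVER"), (0x2, "CLSCTX_INPROC_HANDLER"),
          (0x4, "CLSCTX_LOCAL_SERVER"), (0x10, "CLSCTX_REMOTE_SERVER")]

# One "APIs" line: optional bullet, optional "Part of subcall function X:" prefix, Api.MODULE,
# optional "(arg,arg,...)" and the "ref:" call-site address.
CALL_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

@dataclass
class Call:
    api: str
    module: str
    args: list          # int for a hex literal, None for '?' (not resolved statically)
    ref: int
    notes: list = field(default_factory=list)

def flags(value, table):
    """Expand a bitmask into SDK flag names; bits outside the table stay as hex."""
    names = [name for bit, name in table if value & bit]
    rest = value & ~sum(bit for bit, _ in table)
    return "|".join(names + ([hex(rest)] if rest else [])) or "0"

def parse_args(text):
    if text is None:            # "_wcslen.LIBCMT ref: ..." has no argument list
        return []
    out = []
    for a in (x.strip() for x in text.split(",")):
        try:
            out.append(None if a in ("", "?") else int(a, 16))
        except ValueError:      # not hex (e.g. a quoted string): keep the raw text
            out.append(a)
    return out

def decode(call):
    """Attach SDK names for the literal operands the report shows as raw hex."""
    def lit(i):
        v = call.args[i] if i < len(call.args) else None
        return v if isinstance(v, int) else None
    if call.api in ("GetAsyncKeyState", "GetKeyState") and lit(0) is not None:
        call.notes.append(VK_NAMES.get(lit(0), "vk 0x%02X" % lit(0)))
    elif call.api.startswith("RegConnectRegistry") and lit(1) is not None:
        call.notes.append(HIVES.get(lit(1), hex(lit(1))))
    elif call.api.startswith("RegOpenKeyEx") and lit(3) is not None:
        call.notes.append("KEY_READ" if lit(3) == 0x20019 else flags(lit(3), KEY_RIGHTS))
    elif call.api in ("CoCreateInstance", "CoCreateInstanceEx") and lit(2) is not None:
        call.notes.append(flags(lit(2), CLSCTX))
    return call

def parse_entry(text):
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if m:
            calls.append(decode(Call(m["api"], m["mod"], parse_args(m["args"]), int(m["ref"], 16))))
    return calls

def capabilities(calls):
    """Coarse triage tags; each one needs the API combination, not a single call."""
    apis = {c.api for c in calls}
    tags = set()
    if "GetKeyboardState" in apis and {"GetAsyncKeyState", "GetKeyState"} & apis:
        tags.add("keystroke-state-polling")
    if "RegConnectRegistryW" in apis:
        tags.add("remote-registry")
    if "WNetAddConnection2W" in apis:
        tags.add("network-share-connect")
    if any(c.api == "CoCreateInstanceEx" and "CLSCTX_REMOTE_SERVER" in "".join(c.notes)
           for c in calls):
        tags.add("dcom-remote-activation")
    return tags

# Sample input copied (shortened) from the report entries at 0044480E, 00458721 and 0046CBC7.
KEYSTATE_ENTRY = """
• GetKeyboardState.USER32(?), ref: 0044480E
• GetAsyncKeyState.USER32(000000A0), ref: 00444899
• GetKeyState.USER32(000000A0), ref: 004448AA
• GetAsyncKeyState.USER32(0000005B), ref: 00444949
"""
REMOTE_REG_ENTRY = """
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
• CLSIDFromString.OLE32(?,?), ref: 004587B3
• RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
"""
DCOM_LINE = "• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33"

if __name__ == "__main__":
    for entry in (KEYSTATE_ENTRY, REMOTE_REG_ENTRY, DCOM_LINE):
        calls = parse_entry(entry)
        print([(c.api, c.notes) for c in calls], sorted(capabilities(calls)))
```

Only literal operands can be decoded; a `?` is a value the static pass did not resolve, so the lookup path in 00458721 (\IPC$ share, SOFTWARE\Classes\<ProgID>\CLSID under HKEY_LOCAL_MACHINE with KEY_READ) is visible from the constants while the target host is not. A tag marks a capability present in the binary, not one the script necessarily invokes: the AU3_FreeVar string further down points to an AutoIt runtime, and these COM, registry and key-state helpers belong to that runtime, so the same entries appear in every AutoIt-compiled executable.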
              APIs
              Similarity
              • API ID: InitVariant$_malloc_wcscpy_wcslen
              • String ID:
              • API String ID: 3413494760-0
              • Opcode ID: f5e40c8b900fee1b1836114e96baa7676a5d0ea0456728bbb6ba58b9775705ba
              • Instruction ID: 93a03e1dde4748921c3f7e50244c45dc9774a8ad470eaa8d68eb3f4e8808ad8d
              • Opcode Fuzzy Hash: f5e40c8b900fee1b1836114e96baa7676a5d0ea0456728bbb6ba58b9775705ba
              • Instruction Fuzzy Hash: 33414BB260070AAFC754DF69C880A86BBE8FF48314F00862AE619C7750D775E564CBE5
              APIs
              Strings
              Similarity
              • API ID: AddressProc_free_malloc$_strcat_strlen
              • String ID: AU3_FreeVar
              • API String ID: 2634073740-771828931
              APIs
              • CoInitialize.OLE32 ref: 0046C63A
              • CoUninitialize.OLE32 ref: 0046C645
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                • Part of subcall function 0044CB87: CreateDispTypeInfo.OLEAUT32(?,00000800,?), ref: 0044CBD4
                • Part of subcall function 0044CB87: CreateStdDispatch.OLEAUT32(00000000,?,?,?), ref: 0044CBF4
              • CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
              • CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
              • CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
              • IIDFromString.OLE32(?,?), ref: 0046C705
              Similarity
              • API ID: CreateFrom$String$DispDispatchInfoInitializeInstanceProgTypeUninitialize_malloc
              • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
              • API String ID: 2294789929-1287834457
              APIs
                • Part of subcall function 00456391: GetCursorPos.USER32(?), ref: 004563A6
                • Part of subcall function 00456391: ScreenToClient.USER32(?,?), ref: 004563C3
                • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456400
                • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456410
              • DefDlgProcW.USER32(?,00000205,?,?), ref: 00471145
              • ImageList_DragLeave.COMCTL32(00000000), ref: 00471163
              • ImageList_EndDrag.COMCTL32 ref: 00471169
              • ReleaseCapture.USER32 ref: 0047116F
              • SetWindowTextW.USER32(?,00000000), ref: 00471206
              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00471216
              Similarity
              • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
              • String ID: @GUI_DRAGFILE$@GUI_DROPID
              • API String ID: 2483343779-2107944366
              APIs
              • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004506A0
              • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004506B4
              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004506D5
              • _wcslen.LIBCMT ref: 00450720
              • _wcscat.LIBCMT ref: 00450733
              • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045074C
              • SendMessageW.USER32(?,00001061,?,?), ref: 0045077E
              Similarity
              • API ID: MessageSend$Window_wcscat_wcslen
              • String ID: -----$SysListView32
              • API String ID: 4008455318-3975388722
              APIs
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
              • GetDlgCtrlID.USER32(00000000), ref: 00469C84
              • GetParent.USER32 ref: 00469C98
              • SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
              • GetDlgCtrlID.USER32(00000000), ref: 00469CA5
              • GetParent.USER32 ref: 00469CBC
              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00469CC3
              Similarity
              • API ID: MessageSend$CtrlParent$_memmove_wcslen
              • String ID: ComboBox$ListBox
              • API String ID: 2360848162-1403004172
              Similarity
              • API ID: _wcscpy$FolderUninitialize$BrowseDesktopFromInitializeListMallocPath
              • String ID:
              • API String ID: 262282135-0
              APIs
              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
              • GetWindowLongW.USER32(?,000000F0), ref: 004481CF
              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
              • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
              • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
              • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
              • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
              • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
              Similarity
              • API ID: MessageSend$LongWindow
              • String ID:
              • API String ID: 312131281-0
              APIs
              • GetCurrentThreadId.KERNEL32 ref: 00434643
              • GetForegroundWindow.USER32(00000000), ref: 00434655
              • GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
              • GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
              • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
              • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
              • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
              Similarity
              • API ID: Thread$AttachInput$Window$Process$CurrentForeground
              • String ID:
              • API String ID: 2156557900-0
              Similarity
              • API ID:
              • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
              • API String ID: 0-1603158881
              APIs
              • CreateMenu.USER32 ref: 00448603
              • SetMenu.USER32(?,00000000), ref: 00448613
              • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448697
              • IsMenu.USER32(?), ref: 004486AB
              • CreatePopupMenu.USER32 ref: 004486B5
              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004486EC
              • DrawMenuBar.USER32 ref: 004486F5
              Similarity
              • API ID: Menu$CreateItem$DrawInfoInsertPopup
              • String ID: 0
              • API String ID: 161812096-4108050209
              APIs
              • GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,C:\Users\user\Desktop\7uJ95NO82G.exe), ref: 00434057
              • LoadStringW.USER32(00000000), ref: 00434060
              • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
              • LoadStringW.USER32(00000000), ref: 00434078
              • _wprintf.LIBCMT ref: 004340A1
              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
              Strings
              • %s (%d) : ==> %s: %s %s, xrefs: 0043409C
              • C:\Users\user\Desktop\7uJ95NO82G.exe, xrefs: 00434040
              Similarity
              • API ID: HandleLoadModuleString$Message_wprintf
              • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\7uJ95NO82G.exe
              • API String ID: 3648134473-484784144
              APIs
                • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\7uJ95NO82G.exe,0040F545,C:\Users\user\Desktop\7uJ95NO82G.exe,004A90E8,C:\Users\user\Desktop\7uJ95NO82G.exe,?,0040F545), ref: 0041013C
                • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
              • lstrcmpiW.KERNEL32(?,?), ref: 00453900
              • MoveFileW.KERNEL32(?,?), ref: 00453932
              Similarity
              • API ID: File$AttributesFullMoveNamePathlstrcmpi
              • String ID:
              • API String ID: 978794511-0
              Similarity
              • API ID: ClearVariant
              • String ID:
              • API String ID: 1473721057-0
              • Opcode ID: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
              • Instruction ID: 82c0e5a8bed1f7f82a0371e607e4af2e63fad7cf90771a3a9635cac59f663638
              • Opcode Fuzzy Hash: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
              • Instruction Fuzzy Hash: C301ECB6000B486AD630E7B9DC84FD7B7ED6B85600F018E1DE69A82514DA75F188CB64
              APIs
              Strings
              Similarity
              • API ID: _memmove$_memcmp
              • String ID: '$\$h
              • API String ID: 2205784470-1303700344
              • Opcode ID: b142f59b2296442f2f65cbc20b4c9604eb51a9c16c8aaf0febd8f469beae5ca2
              • Instruction ID: e67660c870af743a7fabfec7c4e9e8b186464fd05e4f656457aecd1ba61caca8
              • Opcode Fuzzy Hash: b142f59b2296442f2f65cbc20b4c9604eb51a9c16c8aaf0febd8f469beae5ca2
              • Instruction Fuzzy Hash: 5CE1C070A002498FDB18CFA9D8806BEFBF2FF89304F28816ED84697341D778A945CB54
              APIs
              • VariantInit.OLEAUT32(00000000), ref: 0045EA56
              • VariantCopy.OLEAUT32(00000000), ref: 0045EA60
              • VariantClear.OLEAUT32 ref: 0045EA6D
              • VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
              • __swprintf.LIBCMT ref: 0045EC33
              • VariantInit.OLEAUT32(00000000), ref: 0045ECEE
              Strings
              • %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
              Similarity
              • API ID: Variant$InitTime$ClearCopySystem__swprintf
              • String ID: %4d%02d%02d%02d%02d%02d
              • API String ID: 2441338619-1568723262
              • Opcode ID: 171f71b85d3c9f602a9cf2bf0ea761bb1ae378d90707365a6319007a951a65bb
              • Instruction ID: 6ef9d3a4897ddb850998a39013325e9d2daf595bbef4806ea59c93c68b265cd6
              • Opcode Fuzzy Hash: 171f71b85d3c9f602a9cf2bf0ea761bb1ae378d90707365a6319007a951a65bb
              • Instruction Fuzzy Hash: F8A10873A0061487CB209F5AE48066AF7B0FF84721F1485AFED849B341C736AD99D7E5
              APIs
              • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
              • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
              • Sleep.KERNEL32(0000000A), ref: 0042C67F
              • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
              • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
              Strings
              Similarity
              • API ID: Interlocked$DecrementIncrement$Sleep
              • String ID: @COM_EVENTOBJ
              • API String ID: 327565842-2228938565
              • Opcode ID: 9fd16e4317a19ff9fc9810ea6acab1effe774116fa5380b772909f930cd41dda
              • Instruction ID: 079f2a2c733a9a3e151bbe14bd9981fb61a061d6167fc58a91b905d371dd4d86
              • Opcode Fuzzy Hash: 9fd16e4317a19ff9fc9810ea6acab1effe774116fa5380b772909f930cd41dda
              • Instruction Fuzzy Hash: 18D1D271A002198FDB10EF94C985BEEB7B0FF45304F60856AE5057B392D778AE46CB98
              APIs
              • VariantClear.OLEAUT32(?), ref: 0047031B
              • VariantClear.OLEAUT32(?), ref: 0047044F
              • VariantInit.OLEAUT32(?), ref: 004704A3
              • DispCallFunc.OLEAUT32(?,?,?,00000015,?,?,?,?), ref: 00470504
              • VariantClear.OLEAUT32(?), ref: 00470516
                • Part of subcall function 00435481: VariantCopy.OLEAUT32(?,?), ref: 00435492
              • VariantCopy.OLEAUT32(?,?), ref: 0047057A
                • Part of subcall function 00435403: VariantClear.OLEAUT32(?), ref: 00435414
              • VariantClear.OLEAUT32(00000000), ref: 0047060D
              Strings
              Similarity
              • API ID: Variant$Clear$Copy$CallDispFuncInit
              • String ID: H
              • API String ID: 3613100350-2852464175
              • Opcode ID: 01932fbe7953b5f2db06a1b2c00ce524954598a883ff7e0e53db637a30ad4a43
              • Instruction ID: 4e55d858753f5aac0b63ea9498fb9ef25a468b81cfd7169f1740116cc4944d08
              • Opcode Fuzzy Hash: 01932fbe7953b5f2db06a1b2c00ce524954598a883ff7e0e53db637a30ad4a43
              • Instruction Fuzzy Hash: 93B15BB5605311EFD710DF54C880A6BB3A4FF88308F049A2EFA8997351D738E951CB9A
              APIs
              • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
              • DestroyWindow.USER32(?), ref: 00426F50
              • UnregisterHotKey.USER32(?), ref: 00426F77
              • FreeLibrary.KERNEL32(?), ref: 0042701F
              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
              Strings
              Similarity
              • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
              • String ID: close all
              • API String ID: 4174999648-3243417748
              • Opcode ID: 2f66c89a40f0e85c5d6dd4ec67defb2116834faec8b505cc193eeea2d12e665d
              • Instruction ID: 89fc9d45334329c88beddca7a6314a06ce6e15860ee53b488cbf8147960762b2
              • Opcode Fuzzy Hash: 2f66c89a40f0e85c5d6dd4ec67defb2116834faec8b505cc193eeea2d12e665d
              • Instruction Fuzzy Hash: 9BA1C174710212CFC710EF15C985B5AF3A8BF48304F5045AEE909672A2CB78BD96CF99
              APIs
              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
              • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
              • InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
              • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
              • HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
                • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
              Strings
              Similarity
              • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
              • String ID:
              • API String ID: 1291720006-3916222277
              • Opcode ID: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
              • Instruction ID: 89538bfc19842651326e528327905a39262a83d8aa3acd63c003c629d13479a9
              • Opcode Fuzzy Hash: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
              • Instruction Fuzzy Hash: FA51B1756403087BF710DF56DC86FEBB7A8FB88715F00851EFB0196281D7B8A5148BA8
              APIs
              • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
              • IsMenu.USER32(?), ref: 0045FC5F
              • CreatePopupMenu.USER32 ref: 0045FC97
              • GetMenuItemCount.USER32(?), ref: 0045FCFD
              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
              Strings
              Similarity
              • API ID: Menu$Item$CountCreateInfoInsertPopup
              • String ID: 0$2
              • API String ID: 93392585-3793063076
              • Opcode ID: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
              • Instruction ID: a5f6d3c146e885c54ead74f35c39eec4acd60bc9fc93d28bc39e3d14768ea649
              • Opcode Fuzzy Hash: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
              • Instruction Fuzzy Hash: B55192719002099BDB11DF69D888BAF7BB4BB44319F14853EEC15DB282D3B8984CCB66
              APIs
              • SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
              • VariantClear.OLEAUT32(?), ref: 00435320
              • SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
              • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
              • VariantClear.OLEAUT32(?), ref: 004353B3
              • SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
              Strings
              Similarity
              • API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
              • String ID: crts
              • API String ID: 586820018-3724388283
              • Opcode ID: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
              • Instruction ID: e94501f388d0d73ced66c0aa9444ce68fa972137b9c89e1913ae9ea64c05cbbc
              • Opcode Fuzzy Hash: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
              • Instruction Fuzzy Hash: DE418BB5200208EBDB10CF1CD884A9AB7B5FF9C314F20852AEE49CB351E775E911CBA4
              APIs
                • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\7uJ95NO82G.exe,0040F545,C:\Users\user\Desktop\7uJ95NO82G.exe,004A90E8,C:\Users\user\Desktop\7uJ95NO82G.exe,?,0040F545), ref: 0041013C
              • lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
              • MoveFileW.KERNEL32(?,?), ref: 0044BC3F
              • _wcscat.LIBCMT ref: 0044BCAF
              • _wcslen.LIBCMT ref: 0044BCBB
              • _wcslen.LIBCMT ref: 0044BCD1
              • SHFileOperationW.SHELL32(?), ref: 0044BD17
              Strings
              Similarity
              • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
              • String ID: \*.*
              • API String ID: 2326526234-1173974218
              • Opcode ID: 6a611f81876c5048765ba5362313eee6d84f5ca1f25d4bdf6f1f19fe1b752b12
              • Instruction ID: cfb238852dc788c6f4e4306d35388aa956c556a9525b71239849112dc74cb112
              • Opcode Fuzzy Hash: 6a611f81876c5048765ba5362313eee6d84f5ca1f25d4bdf6f1f19fe1b752b12
              • Instruction Fuzzy Hash: 5C3184B1800219AACF14EFB1DC85ADEB3B5AF48304F5095EEE90997211EB35D748CB98
              APIs
              Strings
              Similarity
              • API ID: __wcsnicmp
              • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
              • API String ID: 1038674560-2734436370
              • Opcode ID: 7c13aa0513e4bb2138c96398a5a2566d58b08304d963883aeef11e8644bf4991
              • Instruction ID: d05ed79ef8649e951018b8bbb1c2d61e3c33a7345c6b0b1fc41c187b8edaa79f
              • Opcode Fuzzy Hash: 7c13aa0513e4bb2138c96398a5a2566d58b08304d963883aeef11e8644bf4991
              • Instruction Fuzzy Hash: 1221003365151066E72176199C82FDBB3989FA5314F04442BFE049B242D26EF99A83E9
              APIs
              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048D148,00000008,00417A44,00000000,00000000,?,004115F6,?,00401BAC,?,?,?), ref: 0041794D
              • __lock.LIBCMT ref: 00417981
                • Part of subcall function 004182CB: __mtinitlocknum.LIBCMT ref: 004182E1
                • Part of subcall function 004182CB: __amsg_exit.LIBCMT ref: 004182ED
                • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
              • InterlockedIncrement.KERNEL32(FF00482A), ref: 0041798E
              • __lock.LIBCMT ref: 004179A2
              • ___addlocaleref.LIBCMT ref: 004179C0
              Strings
              Similarity
              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
              • String ID: KERNEL32.DLL$pI
              • API String ID: 637971194-197072765
              • Opcode ID: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
              • Instruction ID: a50d44c6e21ae10dfe2421e8c890a682036196f235240147777d58dc068d601e
              • Opcode Fuzzy Hash: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
              • Instruction Fuzzy Hash: A401A171404B00EFD720AF66C90A78DBBF0AF50324F20890FE496536A1CBB8A684CB5D
              APIs
              Similarity
              • API ID: _memmove$_malloc
              • String ID:
              • API String ID: 1938898002-0
              • Opcode ID: 254afb445fa076520280e46f506258281ef3deca769b694febdbe9415e3fd744
              • Instruction ID: bb51e0d14dcfee45c4d36839732496dc4400bff611838f67d83ec86e680bb9ef
              • Opcode Fuzzy Hash: 254afb445fa076520280e46f506258281ef3deca769b694febdbe9415e3fd744
              • Instruction Fuzzy Hash: FC81CB726001195BDB00EF66DC42AFF7368EF84318F040A6FFD04A7282EE7D995587A9
              APIs
              • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
              • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
              • _memmove.LIBCMT ref: 0044B555
              • _memmove.LIBCMT ref: 0044B578
              • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
              • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
              • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
              Similarity
              • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterLeave_malloc
              • String ID:
              • API String ID: 2737351978-0
              • Opcode ID: 0eb1fe433cdde12d2efa93b7525ee27fd2b2abd9c342328331bf985c08509322
              • Instruction ID: 70cbfa243a2dcbaabd352bc30cb9c3ad46017a318630e818b765f133545e4983
              • Opcode Fuzzy Hash: 0eb1fe433cdde12d2efa93b7525ee27fd2b2abd9c342328331bf985c08509322
              • Instruction Fuzzy Hash: 4F41BC71900308EFDB20DF55D984EAFB7B8EF48704F10896EF54696650D7B4EA80CB58
              APIs
              • ___set_flsgetvalue.LIBCMT ref: 0041523A
              • __calloc_crt.LIBCMT ref: 00415246
              • __getptd.LIBCMT ref: 00415253
              • CreateThread.KERNEL32(00000000,?,004151BB,00000000,00000004,00000000), ref: 0041527A
              • ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041528A
              • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00415295
              • _free.LIBCMT ref: 0041529E
              • __dosmaperr.LIBCMT ref: 004152A9
                • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
              Similarity
              • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
              • String ID:
              • API String ID: 3638380555-0
              • Opcode ID: ceb77f577b932ecc061a214adf97d6bda1f2bbbde8b0acc1a90a04adb45bcfac
              • Instruction ID: 1ae632b5747f25178f06b1f704b10109f3b838f12a9538f44878b4cc3517b2ff
              • Opcode Fuzzy Hash: ceb77f577b932ecc061a214adf97d6bda1f2bbbde8b0acc1a90a04adb45bcfac
              • Instruction Fuzzy Hash: 31110A33105B00ABD2102BB69C45ADB37A4DF85734B24065FF924862D1CA7C98814AAD
              APIs
              • WSAStartup.WSOCK32(00000101,?), ref: 00465559
                • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
              • inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
              • gethostbyname.WSOCK32(?), ref: 004655A6
              • GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
              • _memmove.LIBCMT ref: 004656CA
              • GlobalFree.KERNEL32(00000000), ref: 0046575C
              • WSACleanup.WSOCK32 ref: 00465762
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
              • String ID:
              • API String ID: 2945290962-0
              • Opcode ID: 4795c790589efa9604366ab314be66f87df03ced37406f02fbff6eb4d423be89
              • Instruction ID: 472bd1bc5547e678c188051989a3a6c7a671c7751f2ff3ad056c489052ad9926
              • Opcode Fuzzy Hash: 4795c790589efa9604366ab314be66f87df03ced37406f02fbff6eb4d423be89
              • Instruction Fuzzy Hash: CAA19E72604300AFD310EF65C981F5FB7E8AF88704F544A1EF64597291E778E905CB9A
              APIs
              • GetSystemMetrics.USER32(0000000F), ref: 00440527
              • MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
              • SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
              • InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
              • SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
              • ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
              • DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
              • String ID:
              • API String ID: 1457242333-0
              • Opcode ID: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
              • Instruction ID: 469fbb3f3db71b9324cb07d082b932f31bc4dcc79b85a5821822f518eef070f3
              • Opcode Fuzzy Hash: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
              • Instruction Fuzzy Hash: 0BB19F71600619EFEB14CF68C984BAFBBF1FF48301F15851AEA5597280D738BA61CB54
              APIs
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B799
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ConnectRegistry_memmove_wcslen
              • String ID:
              • API String ID: 15295421-0
              • Opcode ID: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
              • Instruction ID: 8aea567fc0405534ed4901798b67d501f7e0ea7b8d3e81485b6dc33093e60a2a
              • Opcode Fuzzy Hash: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
              • Instruction Fuzzy Hash: 96A170B12043019FD710EF65CC85B1BB7E8EF85304F14892EF6859B291DB78E945CB9A
              APIs
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • _wcstok.LIBCMT ref: 004675B2
                • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
              • _wcscpy.LIBCMT ref: 00467641
              • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
              • _wcslen.LIBCMT ref: 00467793
              • _wcslen.LIBCMT ref: 004677BD
                • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
              • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcslen$FileName_memmove$OpenSave__getptd_wcscpy_wcstok
              • String ID: X
              • API String ID: 780548581-3081909835
              • Opcode ID: 6bc026ad60072e4c220b5f967dbca79fc283deaac7c67373bdd3fe9bc950e382
              • Instruction ID: 4d78316a312392ccd7929e5b9cc6f9f998d70627324fd0ae594e8e4bf7546d1d
              • Opcode Fuzzy Hash: 6bc026ad60072e4c220b5f967dbca79fc283deaac7c67373bdd3fe9bc950e382
              • Instruction Fuzzy Hash: 1381A3315083008FD310EF65C985A5FB7E5AF84318F108A2FF599572A1EB78ED46CB9A
              APIs
                • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
              • Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
              • MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
              • AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
              • LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
              • CloseFigure.GDI32(?), ref: 0044751F
              • SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
              • Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
              • String ID:
              • API String ID: 4082120231-0
              • Opcode ID: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
              • Instruction ID: e674395c2b36b0b5590bf657e4107f8d2570055e184bc57fe517c57e0a53fcaf
              • Opcode Fuzzy Hash: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
              • Instruction Fuzzy Hash: 36713CB4904109EFEB04CF94C884EBEBBB9EF85310F24855AE9156B341D774AE42CBA5
              APIs
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
              • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 0046B3FD
              • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
              • RegCloseKey.ADVAPI32(?,000000FF,00000000), ref: 0046B459
              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0046B492
              • RegCloseKey.ADVAPI32(?), ref: 0046B49D
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Close$ConnectEnumOpenRegistryValue_malloc_memmove_wcslen
              • String ID:
              • API String ID: 2027346449-0
              • Opcode ID: fd9ec896851cfe8ba5d77e6eb7557ecd2b90a16d2ad207272d237edd4ee25537
              • Instruction ID: e744fe3a0f0af3658e2b80b3541497a384b181c150b1b14c88f03688e4e42502
              • Opcode Fuzzy Hash: fd9ec896851cfe8ba5d77e6eb7557ecd2b90a16d2ad207272d237edd4ee25537
              • Instruction Fuzzy Hash: 92613D71218301ABD304EF65C985E6BB7A8FFC8704F008A2EF945D7281DB75E945CBA6
              APIs
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
              • GetMenu.USER32 ref: 0047A703
              • GetMenuItemCount.USER32(00000000), ref: 0047A74F
              • GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
              • _wcslen.LIBCMT ref: 0047A79E
              • GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
              • GetSubMenu.USER32(00000000,?), ref: 0047A7F2
              • PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Menu$Item$CountMessagePostStringWindow_malloc_wcslen
              • String ID:
              • API String ID: 3257027151-0
              • Opcode ID: 593a3109556d9b21452c25584920ed9ff9da066780f75faca70946367d94fd10
              • Instruction ID: 02f8ada5611b6a2978ded3aa89f74167ce8c021908d800e5e23178b580333db3
              • Opcode Fuzzy Hash: 593a3109556d9b21452c25584920ed9ff9da066780f75faca70946367d94fd10
              • Instruction Fuzzy Hash: AA51FA71504301ABD310EF25DC81B9FB7E8FF88314F108A2EF989A7241D779E95487A6
              APIs
              • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
              • WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorLastselect
              • String ID:
              • API String ID: 215497628-0
              • Opcode ID: d96eca3d3d7b8423128e621c274cc18993cdfe440bc0991dbfcffd67b2462549
              • Instruction ID: fadcceb5308e48970113ceaff65c18732520a09434288b0a98514d96d8681c7b
              • Opcode Fuzzy Hash: d96eca3d3d7b8423128e621c274cc18993cdfe440bc0991dbfcffd67b2462549
              • Instruction Fuzzy Hash: 65510772E001046BD710EF69DC85FAEB3A8EB94320F14856EF905D7381EA35DD41C7A5
              APIs
              • GetParent.USER32(?), ref: 0044443B
              • GetKeyboardState.USER32(?), ref: 00444450
              • SetKeyboardState.USER32(?), ref: 004444A4
              • PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
              • PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
              • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
              • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessagePost$KeyboardState$Parent
              • String ID:
              • API String ID: 87235514-0
              • Opcode ID: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
              • Instruction ID: 8f44bbd55e3387c5fecf3766ecc31f273ddc6601011f0052083f6d8a5cbafb33
              • Opcode Fuzzy Hash: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
              • Instruction Fuzzy Hash: 2051D6A05047D53AFB3682748846BA7BFE42F86704F08868BE1D5559C3D3ECE994CB68
              APIs
              • GetParent.USER32(?), ref: 00444633
              • GetKeyboardState.USER32(?), ref: 00444648
              • SetKeyboardState.USER32(?), ref: 0044469C
              • PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
              • PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
              • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
              • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessagePost$KeyboardState$Parent
              • String ID:
              • API String ID: 87235514-0
              • Opcode ID: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
              • Instruction ID: 3b822c4357a53f38689f34ecdfb8cd013e642acfd09065eaf4f6fa9230d15588
              • Opcode Fuzzy Hash: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
              • Instruction Fuzzy Hash: 7451D4B05047D139F73692688C45BA7BFD86B8B304F08868FF1D5156C2D3ACB895CB69
              APIs
              • SendMessageW.USER32(?,00001308,?,00000000), ref: 0045539F
              • ImageList_Remove.COMCTL32(?,?), ref: 004553D3
              • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004554BB
              • DeleteObject.GDI32(?), ref: 00455736
              • DeleteObject.GDI32(?), ref: 00455744
              • DestroyIcon.USER32(?), ref: 00455752
              • DestroyWindow.USER32(?), ref: 00455760
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
              • String ID:
              • API String ID: 2354583917-0
              • Opcode ID: 35278296b08b7a07ab4037b75477043e0b107217007b5923df3ad7b8258325fa
              • Instruction ID: c6eb43681ca9132c11a6020d2ba108f27148fdc9c8ef1f50c91adec3b3f4716e
              • Opcode Fuzzy Hash: 35278296b08b7a07ab4037b75477043e0b107217007b5923df3ad7b8258325fa
              • Instruction Fuzzy Hash: 76516B74204A419FC714DF24C4A4BB677F5FF8A302F1486AAED998B392D738A849CB54
              APIs
              • CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
              • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
              • __wsplitpath.LIBCMT ref: 00475644
                • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
              • _wcscat.LIBCMT ref: 00475657
              • __wcsicoll.LIBCMT ref: 0047567B
              • Process32NextW.KERNEL32(00000000,?), ref: 004756AB
              • CloseHandle.KERNEL32(00000000), ref: 004756BA
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
              • String ID:
              • API String ID: 2547909840-0
              • Opcode ID: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
              • Instruction ID: 52239f647ae7113ca4c6e3167181772f82882466072c53a1302db900a9aecbbd
              • Opcode Fuzzy Hash: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
              • Instruction Fuzzy Hash: B3518671900618ABDB10DF55CD85FDE77B8EF44704F1084AAF509AB282DA75AF84CF68
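              Triage note (added by the editor; not part of the Joe Sandbox output). Four of the "APIs" listings above are worth reading together: the WSOCK32 routine at 00465559 (WSAStartup, inet_addr, gethostbyname: hostname resolution); the two USER32 routines at 0044443B and 00444633 that read and rewrite the keyboard state and then post WM_KEYUP (0x101) and WM_KEYDOWN (0x100) for VK_SHIFT (0x10), VK_CONTROL (0x11), VK_MENU (0x12) and VK_LWIN (0x5B) to a parent window, i.e. synthetic modifier-key input; the ADVAPI32 routine at 0046B3A6 (RegConnectRegistryW, RegOpenKeyExW, RegEnumValueW: registry value enumeration, possibly on a remote machine); and the KERNEL32 routine at 00475608 (CreateToolhelp32Snapshot, Process32FirstW, Process32NextW with a case-insensitive __wcsicoll compare: process lookup by image name). LodaRAT is a compiled AutoIt program, so most functions in this dump are AutoIt runtime-library code; the API combination inside one function, not the presence of a single API, is the signal. The Python below is an added example of turning such listings into a per-function capability summary. The regular expression follows the three line shapes visible in this report, the sample input is copied (abridged) from the listings above, and the Win32 constant table and the capability rules are the editor's own heuristics, not Joe Sandbox signatures.

```python
import re

# One call line from a report "APIs" list. Shapes seen in this report:
#   • PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
#   • _memmove.LIBCMT ref: 004656CA
#   • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Win32 constants the rules need (editor's lookup table, not from the report).
WM_KEYDOWN, WM_KEYUP = 0x100, 0x101
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}

# Capability heuristics: a function must call every API in the set.
# Editor's own triage rules, not Joe Sandbox signatures.
RULES = [
    ("hostname resolution (WSOCK32)", {"WSAStartup", "gethostbyname"}),
    ("synthetic keyboard input (PostMessageW WM_KEYDOWN/WM_KEYUP)",
     {"GetKeyboardState", "SetKeyboardState", "PostMessageW"}),
    ("remote registry access (RegConnectRegistryW)", {"RegConnectRegistryW"}),
    ("process enumeration (Toolhelp32)",
     {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"}),
]


def _arg(tok):
    """'?' -> None, hex word -> int, anything unexpected kept verbatim."""
    tok = tok.strip()
    if tok == "?":
        return None
    try:
        return int(tok, 16)
    except ValueError:
        return tok


def parse_args(args):
    """Turn '?,00000100,00000010,?' into [None, 0x100, 0x10, None]."""
    return [_arg(a) for a in args.split(",")] if args else []


def split_functions(report_text):
    """Yield the parsed call lines of each 'APIs' ... 'Memory Dump Source' block."""
    calls, inside = [], False
    for line in report_text.splitlines():
        head = line.strip()
        if head == "APIs":
            calls, inside = [], True
        elif head == "Memory Dump Source" and inside:
            yield calls
            inside = False
        elif inside and (m := API_LINE.match(line)):
            d = m.groupdict()
            d["args"] = parse_args(d["args"])
            calls.append(d)


def summarize(report_text):
    """One dict per function: direct APIs, matched capabilities, decoded VK codes."""
    out = []
    for calls in split_functions(report_text):
        own = [c for c in calls if c["parent"] is None]  # drop callee annotations
        if not own:
            continue
        apis = {c["api"] for c in own}
        keys = [VK_NAMES.get(c["args"][2], f"VK_{c['args'][2]:02X}")
                for c in own
                if c["api"] == "PostMessageW" and len(c["args"]) >= 3
                and c["args"][1] in (WM_KEYDOWN, WM_KEYUP)
                and isinstance(c["args"][2], int)]
        out.append({"first_ref": own[0]["ref"], "apis": sorted(apis),
                    "capabilities": [n for n, need in RULES if need <= apis],
                    "keys": keys})
    return out


# Constructed sample: four listings copied (abridged) from this report.
SAMPLE_REPORT = """\
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00465559
  • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
• inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
• gethostbyname.WSOCK32(?), ref: 004655A6
• WSACleanup.WSOCK32 ref: 00465762
Memory Dump Source
APIs
• select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
• WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
Memory Dump Source
APIs
• GetParent.USER32(?), ref: 00444633
• GetKeyboardState.USER32(?), ref: 00444648
• SetKeyboardState.USER32(?), ref: 0044469C
• PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
• PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
• PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
• PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
Memory Dump Source
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
• Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
• __wcsicoll.LIBCMT ref: 0047567B
• Process32NextW.KERNEL32(00000000,?), ref: 004756AB
• CloseHandle.KERNEL32(00000000), ref: 004756BA
Memory Dump Source
"""

if __name__ == "__main__":
    for f in summarize(SAMPLE_REPORT):
        print(f["first_ref"], f["capabilities"], f["keys"])
```

              Run as a script to print one line per function. "Part of subcall function" lines are parsed but excluded from rule matching, since those APIs belong to the callee, and a function whose listing is only subcall annotations is skipped. Feed the whole "Disassembly" text of a report to summarize() to get the same summary for every function.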
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
              • Instruction ID: 5d193f65ffce5f3a1406795a0d9a37a93f2f4887bdc9b14e5c8c629f49d9966a
              • Opcode Fuzzy Hash: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
              • Instruction Fuzzy Hash: 0A413871900114ABE710DF58CC84FAF7765EB46320F14826EF858AB3C1C7745D02EB98
              APIs
              • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004488BD
              • SendMessageW.USER32(?,00000469,?,00000000), ref: 004488D3
              • EnableWindow.USER32(?,00000000), ref: 00448B5C
              • EnableWindow.USER32(?,00000001), ref: 00448B72
              • ShowWindow.USER32(?,00000000), ref: 00448BE8
              • ShowWindow.USER32(?,00000004), ref: 00448BF4
              • EnableWindow.USER32(?,00000001), ref: 00448C09
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$Enable$Show$MessageMoveSend
              • String ID:
              • API String ID: 896007046-0
              • Opcode ID: 487afd455632248a3d509b30b3d46b8f07dcfb1983bcccedac1426ad742150ab
              • Instruction ID: 578be1c3660e2fd518c7beccd973f741d6ce186f3db94e5441c29ef1e5fc56da
              • Opcode Fuzzy Hash: 487afd455632248a3d509b30b3d46b8f07dcfb1983bcccedac1426ad742150ab
              • Instruction Fuzzy Hash: 5F419D742003809FF724DB24C894BAB77E0FF96305F18446EF5859B291DB78A845CB59
              APIs
              • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448AC9
              • GetFocus.USER32 ref: 00448ACF
              • EnableWindow.USER32(?,00000000), ref: 00448B5C
              • EnableWindow.USER32(?,00000001), ref: 00448B72
              • ShowWindow.USER32(?,00000000), ref: 00448BE8
              • ShowWindow.USER32(?,00000004), ref: 00448BF4
              • EnableWindow.USER32(?,00000001), ref: 00448C09
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$Enable$Show$FocusMessageSend
              • String ID:
              • API String ID: 3429747543-0
              • Opcode ID: 611a307e80107d343a79f7fc2cfd1bfbec1158008c6b2b7743f92638a6db6fc0
              • Instruction ID: 6f3afe48a64986b2df7f4b22be5166ca64fe0b5af1f2aee4406df3dc20f3ce1d
              • Opcode Fuzzy Hash: 611a307e80107d343a79f7fc2cfd1bfbec1158008c6b2b7743f92638a6db6fc0
              • Instruction Fuzzy Hash: F331C4706043805BF7248F24CCC8BAFB7D4FB95305F08491EF581A6291DBBCA845CB59
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D459
              • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
              • __swprintf.LIBCMT ref: 0045D4E9
              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D52D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorMode$InformationVolume__swprintf
              • String ID: %lu$\VH
              • API String ID: 3164766367-2432546070
              • Opcode ID: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
              • Instruction ID: a5bcfc38f1a54d16d783223dfbe865d4bc924dff4e6617147b97584b2165572c
              • Opcode Fuzzy Hash: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
              • Instruction Fuzzy Hash: 11317171A00209AFCB14EF95DD85EAEB7B8FF48304F1084AAF905A7291D774EA45CB94
              APIs
              • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450BE7
              • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450BF8
              • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450C06
              • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450C17
              • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450C25
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend
              • String ID: Msctls_Progress32
              • API String ID: 3850602802-3636473452
              • Opcode ID: bde72abdda352e35c3e71b9276821fa19048fea6f3879b5342d5f34549d04d22
              • Instruction ID: 3e9a69ee1b5e3cb2ffa50bc712587bba9ef5757239c838e11c91c46d95a842ac
              • Opcode Fuzzy Hash: bde72abdda352e35c3e71b9276821fa19048fea6f3879b5342d5f34549d04d22
              • Instruction Fuzzy Hash: 7A21667135030477EB20DEA9DC82F97B3AD9F94B24F21460AFB54A72D1C5B5F8418B58
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Destroy$DeleteImageList_ObjectWindow$Icon
              • String ID:
              • API String ID: 3985565216-0
              • Opcode ID: 49ccd75876ce99cd15ee405d1ac93d8c116bb45471ccb95599c5d22b34275644
              • Instruction ID: 510e71718d61fb01ae158a6e5fa7ad280301b7661e5b3aef53c80a3471921dd4
              • Opcode Fuzzy Hash: 49ccd75876ce99cd15ee405d1ac93d8c116bb45471ccb95599c5d22b34275644
              • Instruction Fuzzy Hash: 70217E70200A00EFCB20DF25D9D4A2A77AABF48712F10896DE906CB356D739EC45CB69
              APIs
              • _malloc.LIBCMT ref: 0041F707
                • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
              • _free.LIBCMT ref: 0041F71A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: AllocateHeap_free_malloc
              • String ID: [B
              • API String ID: 1020059152-632041663
              • Opcode ID: 5ae3695c4899d33c0c5016eec090c96391fe5f6cd2bec6778d3ea2d81492c429
              • Instruction ID: 066e14217b5799beb7557260d36092b09813ce611e9d099bbd870b86b34de80c
              • Opcode Fuzzy Hash: 5ae3695c4899d33c0c5016eec090c96391fe5f6cd2bec6778d3ea2d81492c429
              • Instruction Fuzzy Hash: 0211EB32454615AACB213F75EC086DB3BA49F443A5B20053BF824CA2D1DB7C88C7C7AC
              APIs
                • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
                • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
              • GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
              • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
              • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
              • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
              • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
              • CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
              • String ID:
              • API String ID: 1957940570-0
              • Opcode ID: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
              • Instruction ID: 99b39fe8e7f3ac854e5c8e3994335d5d6f6ef2f737fc2b72a46a077924210789
              • Opcode Fuzzy Hash: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
              • Instruction Fuzzy Hash: A301E6753403047BD620EB65DC96F5B775CEB89B50F114819FA04DB1D1C6B5E8008B78
              APIs
              • GetClientRect.USER32(?,?), ref: 004302E6
              • GetWindowRect.USER32(00000000,?), ref: 00430316
              • GetClientRect.USER32(?,?), ref: 00430364
              • GetSystemMetrics.USER32(0000000F), ref: 004303B1
              • GetWindowRect.USER32(?,?), ref: 004303C3
              • ScreenToClient.USER32(?,?), ref: 004303EC
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Rect$Client$Window$MetricsScreenSystem
              • String ID:
              • API String ID: 3220332590-0
              • Opcode ID: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
              • Instruction ID: e4235e81f7515d2978e088f6fadb01cec8eb5fe04dcc4a3bbd5a83ea815e8f28
              • Opcode Fuzzy Hash: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
              • Instruction Fuzzy Hash: 13A14875A0070A9BCB10CFA8C594BEFB7B1FF58314F00961AE9A9E7350E734AA44CB54
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _malloc_wcslen$_strcat_wcscpy
              • String ID:
              • API String ID: 1612042205-0
              • Opcode ID: de986be264bc4095e11606319f6bc53bb2fe9b52cfcfc757ffd23d2b2712e847
              • Instruction ID: da8a40d04f443fc8bffa22af6bb0a7b3fb41b3e40a14b17b7fca75945af8e81c
              • Opcode Fuzzy Hash: de986be264bc4095e11606319f6bc53bb2fe9b52cfcfc757ffd23d2b2712e847
              • Instruction Fuzzy Hash: 40914A74604205EFCB10DF98D4C09A9BBA5FF48305B60C66AEC0A8B35AD738EE55CBD5
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmove_strncmp
              • String ID: >$U$\
              • API String ID: 2666721431-237099441
              • Opcode ID: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
              • Instruction ID: 902f5a6c35c0d49260658601fd29bdf8c292b60929ab84f6d376942388b5a00c
              • Opcode Fuzzy Hash: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
              • Instruction Fuzzy Hash: 8DF1B170A00249CFEB14CFA9C8906AEFBF1FF89304F2485AED845A7341D779A946CB55
              APIs
              • GetKeyboardState.USER32(?), ref: 0044C570
              • SetKeyboardState.USER32(00000080), ref: 0044C594
              • PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
              • PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
              • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
              • SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessagePost$KeyboardState$InputSend
              • String ID:
              • API String ID: 2221674350-0
              • Opcode ID: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
              • Instruction ID: 625ea0eb49cc588760ebb6bc0eb208289033378f73eea84c13a2ca11a8b118cf
              • Opcode Fuzzy Hash: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
              • Instruction Fuzzy Hash: D1514A725001187AEB109FA99C81BFFBB68AF9E311F44815BFD8496242C379D941CBA8
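The three listings above for which the report gives no interpretation (keyboard state plus PostMessageW/SendInput at 0044C570-0044C6C2, DuplicateHandle plus CreateThread at 00436C88-00436CCA, and GetVolumeInformationW plus __swprintf with "%lu" at 0045D4CF-0045D4E9) are the kind of per-function API pattern an analyst triages by hand. The following Python is an added example, not Joe Sandbox code and not code from the analysed sample: it parses function blocks in the text form shown on this page, names the window-message argument of each PostMessageW/SendMessageW call, and labels functions whose full API set matches a capability rule. SAMPLE_REPORT is constructed from the listings above; CAPABILITY_RULES, WM_NAMES and all function names are this example's own assumptions.

```python
"""Triage helper for the per-function "APIs" listings in a Joe Sandbox report.

Added example, not Joe Sandbox code and not code from the analysed sample: it
parses function blocks in the text form on this page, names window messages
passed to PostMessageW/SendMessageW and labels RAT-capability API combinations.
SAMPLE_REPORT is built from listings on this page; CAPABILITY_RULES and
WM_NAMES are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# USER32 keyboard message codes seen in the PostMessageW calls on this page.
WM_NAMES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0102: "WM_CHAR", 0x0104: "WM_SYSKEYDOWN"}

# Assumed rules: every API in a set must be called from the same function.
CAPABILITY_RULES = {
    "keystroke_injection": {"SetKeyboardState", "PostMessageW", "SendInput"},
    "handle_duplication_thread": {"DuplicateHandle", "CreateThread"},
    "volume_serial_fingerprint": {"GetVolumeInformationW", "__swprintf"},
}

# "• Api.MODULE(args), ref: 0040XXXX", optionally prefixed "Part of subcall ...".
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$")
SIM_LINE = re.compile(r"^\s*•\s*(API ID|String ID|Opcode ID):\s*(.*?)\s*$")

@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: str
    subcall: bool  # True for "Part of subcall function ..." lines

@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)  # API ID / String ID / Opcode ID

    def apis(self, include_subcalls=False):
        return {c.api for c in self.calls if include_subcalls or not c.subcall}

def parse_blocks(text):
    """Split the report text at each 'APIs' header and collect calls and IDs."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionBlock()
            blocks.append(current)
        elif current is not None and (m := API_LINE.match(line)):
            args = [a.strip() for a in (m.group("args") or "").split(",") if a.strip()]
            current.calls.append(ApiCall(m.group("api"), m.group("module"), args,
                                         m.group("ref"), bool(m.group("sub"))))
        elif current is not None and (s := SIM_LINE.match(line)):
            current.meta[s.group(1)] = s.group(2)
    return blocks

def decode_messages(block):
    """(ref, message name) for each PostMessageW/SendMessageW call in the block."""
    out = []
    for c in block.calls:
        if c.api in ("PostMessageW", "SendMessageW") and len(c.args) >= 2:
            try:
                code = int(c.args[1], 16)
            except ValueError:  # argument the sandbox could not resolve ('?')
                continue
            out.append((c.ref, WM_NAMES.get(code, f"0x{code:04X}")))
    return out

def classify(block):
    """Capability labels whose whole API set is present in the function."""
    apis = block.apis()
    return sorted(name for name, need in CAPABILITY_RULES.items() if need <= apis)

def triage(text):
    """(API ID, labels, decoded messages) for every block that matches a rule."""
    return [(b.meta.get("API ID", ""), classify(b), decode_messages(b))
            for b in parse_blocks(text) if classify(b)]

# Constructed from three listings on this page (only the lines the parser needs).
SAMPLE_REPORT = """APIs
• GetKeyboardState.USER32(?), ref: 0044C570
• SetKeyboardState.USER32(00000080), ref: 0044C594
• PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
• PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
• PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
• SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
• API ID: MessagePost$KeyboardState$InputSend
APIs
  • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
• DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
• CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
APIs
• GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
• __swprintf.LIBCMT ref: 0045D4E9
• API ID: ErrorMode$InformationVolume__swprintf
"""
```

Running `triage(SAMPLE_REPORT)` labels the first block as keystroke injection and decodes its messages as WM_KEYDOWN (0x0100), WM_SYSKEYDOWN (0x0104) and WM_CHAR (0x0102); the SendInput call's third argument, 0x1C, is the size of the 32-bit INPUT structure, which is consistent with a 32-bit binary. Subcall lines are excluded from the rule match by default so that heap helpers reached through a callee do not inflate a function's own API set. The labels are triage hints, not verdicts: such sequences can belong to a GUI or scripting runtime linked into the binary rather than to the malware's own logic, so confirm them against the disassembly at the referenced addresses.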
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcscpy$_wcscat
              • String ID:
              • API String ID: 2037614760-0
              • Opcode ID: 0a7751e95161f2e20e4e590464e159216589dd262c99a79b50a66f7d9216e4ff
              • Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
              • Opcode Fuzzy Hash: 0a7751e95161f2e20e4e590464e159216589dd262c99a79b50a66f7d9216e4ff
              • Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9
              APIs
              • GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
              • VariantCopy.OLEAUT32(?,?), ref: 00451BF8
              • VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
              • VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
              • VariantClear.OLEAUT32(-00000058), ref: 00451CA1
              • SysAllocString.OLEAUT32(00000000), ref: 00451CBA
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Variant$Copy$AllocClearErrorLastString
              • String ID:
              • API String ID: 960795272-0
              • Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
              • Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
              • Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
              • Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
              APIs
              • BeginPaint.USER32(00000000,?), ref: 00447BDF
              • GetWindowRect.USER32(?,?), ref: 00447C5D
              • ScreenToClient.USER32(?,?), ref: 00447C7B
              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
              • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
              • EndPaint.USER32(?,?), ref: 00447D13
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
              • String ID:
              • API String ID: 4189319755-0
              • Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
              • Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
              • Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
              • Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
              APIs
              • SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
              • SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
              • SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
              • InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
              • GetWindowLongW.USER32(?,000000F0), ref: 004490D4
              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004490E1
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend$LongWindow$InvalidateRect
              • String ID:
              • API String ID: 1976402638-0
              • Opcode ID: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
              • Instruction ID: 8674d855734444f977eaeabaa32478bd653fbe911923e0a4a3d3eb28cec46bd0
              • Opcode Fuzzy Hash: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
              • Instruction Fuzzy Hash: 2531E135240104AFF724CF48DC89FBB77B9EB49320F10851AFA559B290CA79AD41DB69
              APIs
              • ShowWindow.USER32(?,00000000), ref: 00440A8A
              • EnableWindow.USER32(?,00000000), ref: 00440AAF
              • ShowWindow.USER32(?,00000000), ref: 00440B18
              • ShowWindow.USER32(?,00000004), ref: 00440B2B
              • EnableWindow.USER32(?,00000001), ref: 00440B50
              • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$Show$Enable$MessageSend
              • String ID:
              • API String ID: 642888154-0
              • Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
              • Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
              • Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
              • Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
              APIs
              • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
              • EnableWindow.USER32(?,00000000), ref: 00448B5C
              • EnableWindow.USER32(?,00000001), ref: 00448B72
              • ShowWindow.USER32(?,00000000), ref: 00448BE8
              • ShowWindow.USER32(?,00000004), ref: 00448BF4
              • EnableWindow.USER32(?,00000001), ref: 00448C09
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$Enable$Show$MessageSend
              • String ID:
              • API String ID: 1871949834-0
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              APIs
              • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 00471A45
              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,00000000,?,00000001), ref: 00471A86
              • SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
              • ImageList_ReplaceIcon.COMCTL32(?,?,?,?,00000000,?,00000001), ref: 00471ABF
              • SendMessageW.USER32 ref: 00471AE3
              • DestroyIcon.USER32(?), ref: 00471AF4
              Similarity
              • API ID: Icon$ImageList_MessageSend$CreateDestroyExtractReplace
              • String ID:
              • API String ID: 3611059338-0
              Similarity
              • API ID: DestroyWindow$DeleteObject$IconMove
              • String ID:
              • API String ID: 1640429340-0
              APIs
                • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
              • _wcslen.LIBCMT ref: 004438CD
              • _wcslen.LIBCMT ref: 004438E6
              • _wcstok.LIBCMT ref: 004438F8
              • _wcslen.LIBCMT ref: 0044390C
              • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
              • _wcstok.LIBCMT ref: 00443931
              Similarity
              • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
              • String ID:
              • API String ID: 3632110297-0
              Similarity
              • API ID: Destroy$DeleteMenuObject$IconWindow
              • String ID:
              • API String ID: 752480666-0
              Similarity
              • API ID: Destroy$DeleteObjectWindow$IconImageList_
              • String ID:
              • API String ID: 3275902921-0
              Similarity
              • API ID: Destroy$DeleteObjectWindow$IconImageList_
              • String ID:
              • API String ID: 3275902921-0
              APIs
              • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
              • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
              • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
              Similarity
              • API ID: PerformanceQuery$CounterSleep$Frequency
              • String ID:
              • API String ID: 2833360925-0
              APIs
              • SendMessageW.USER32 ref: 004555C7
              • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004555E2
              • DeleteObject.GDI32(?), ref: 00455736
              • DeleteObject.GDI32(?), ref: 00455744
              • DestroyIcon.USER32(?), ref: 00455752
              • DestroyWindow.USER32(?), ref: 00455760
              Similarity
              • API ID: DeleteDestroyMessageObjectSend$IconWindow
              • String ID:
              • API String ID: 3691411573-0
              APIs
                • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
              • MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
              • LineTo.GDI32(?,?,?), ref: 004472AC
              • MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
              • LineTo.GDI32(?,?,?), ref: 004472C6
              • EndPath.GDI32(?), ref: 004472D6
              • StrokePath.GDI32(?), ref: 004472E4
              Similarity
              • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
              • String ID:
              • API String ID: 372113273-0
              APIs
              • GetDC.USER32(00000000), ref: 0044CC6D
              • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
              • ReleaseDC.USER32(00000000,00000000), ref: 0044CC90
              • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
              • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
              Similarity
              • API ID: CapsDevice$Release
              • String ID:
              • API String ID: 1035833867-0
              APIs
              • __getptd.LIBCMT ref: 0041708E
                • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
              • __amsg_exit.LIBCMT ref: 004170AE
              • __lock.LIBCMT ref: 004170BE
              • InterlockedDecrement.KERNEL32(?), ref: 004170DB
              • _free.LIBCMT ref: 004170EE
              • InterlockedIncrement.KERNEL32(03162DB0), ref: 00417106
              Similarity
              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
              • String ID:
              • API String ID: 3470314060-0
              APIs
              • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
              • EnterCriticalSection.KERNEL32(?), ref: 0044B666
              • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
              • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
              • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
              • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
              Similarity
              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
              • String ID:
              • API String ID: 3495660284-0
              APIs
              • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
              • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
              • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
              • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
              • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
              Similarity
              • API ID: Virtual
              • String ID:
              • API String ID: 4278518827-0
              APIs
              • ___set_flsgetvalue.LIBCMT ref: 004151C0
                • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
              • ___fls_getvalue@4.LIBCMT ref: 004151CB
                • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
              • ___fls_setvalue@8.LIBCMT ref: 004151DD
              • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
              • ExitThread.KERNEL32 ref: 004151ED
              • __freefls@4.LIBCMT ref: 00415209
              Similarity
              • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
              • String ID:
              • API String ID: 442100245-0
              APIs
                • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
              • GetMenuItemInfoW.USER32(?,00000000), ref: 0045F85C
              • _wcslen.LIBCMT ref: 0045F94A
              • SetMenuItemInfoW.USER32(00000011,00000000,00000000,?), ref: 0045F9AE
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • SetMenuDefaultItem.USER32(00000000,000000FF,00000000,?,00000000), ref: 0045F9CA
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ItemMenu$Info_wcslen$Default_malloc_wcscpy
              • String ID: 0
              • API String ID: 621800784-4108050209
              • Opcode ID: 81ac811d22c35f9fa91ba742b1be7df183685e8d6235a52bfd7a192db436f1c3
              • Instruction ID: 8916cda2fcff4f3da81aa675480f1736598f59ba0f795e6899437ff2d0190f01
              • Opcode Fuzzy Hash: 81ac811d22c35f9fa91ba742b1be7df183685e8d6235a52bfd7a192db436f1c3
              • Instruction Fuzzy Hash: E061EDB1604301AAD710EF69D885B6B77A4AF99315F04493FF98087292E7BCD84CC79B
              APIs
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • SetErrorMode.KERNEL32 ref: 004781CE
              • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00478387
                • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
              • SetErrorMode.KERNEL32(?), ref: 00478270
              • SetErrorMode.KERNEL32(?), ref: 00478340
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorMode$AttributesFile_memmove_wcslen
              • String ID: \VH
              • API String ID: 3884216118-234962358
              • Opcode ID: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
              • Instruction ID: 3f1cdca54a202f1bd1938e87a451cd9606667cca5306a7eaf6ab6c0a6d737147
              • Opcode Fuzzy Hash: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
              • Instruction Fuzzy Hash: F9619F715043019BC310EF25C585A5BB7E0BFC8708F04896EFA996B392CB76ED45CB96
              APIs
              • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
              • IsMenu.USER32(?), ref: 0044854D
              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
              • DrawMenuBar.USER32 ref: 004485AF
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Menu$Item$DrawInfoInsert
              • String ID: 0
              • API String ID: 3076010158-4108050209
              • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
              • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
              • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
              • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
              APIs
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469D69
              • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00469D7C
              • SendMessageW.USER32(?,00000189,00000000,00000000), ref: 00469DAC
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend$_memmove_wcslen
              • String ID: ComboBox$ListBox
              • API String ID: 1589278365-1403004172
              • Opcode ID: 9e9d9d4e41393af2d63d9782b37bb37f5cc5410b1ae38e6aaba3d9f9dd2bbffd
              • Instruction ID: b025c67d46b61e1fa51b41144ded2117d8c1ab71acdc4e5cb50a5164a05e923b
              • Opcode Fuzzy Hash: 9e9d9d4e41393af2d63d9782b37bb37f5cc5410b1ae38e6aaba3d9f9dd2bbffd
              • Instruction Fuzzy Hash: 8D31287160010477DB10BB69CC45BEF775C9F86324F10852FF918AB2D1DABC9E4583A6
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Handle
              • String ID: nul
              • API String ID: 2519475695-2873401336
              • Opcode ID: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
              • Instruction ID: 058e2060cb23de8d889deff533ab301820a4ae088d702658d54b05e79d5a48de
              • Opcode Fuzzy Hash: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
              • Instruction Fuzzy Hash: 84319571500204ABEB20DF68DC46BEB77A8EF04721F104A4EFD50973D1E7B59A50CBA5
              APIs
              • GetStdHandle.KERNEL32(000000F6), ref: 0044337D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Handle
              • String ID: nul
              • API String ID: 2519475695-2873401336
              • Opcode ID: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
              • Instruction ID: 7fb8f1e98e57093f7bc771e71f756598ee5282d4f5ffeaa4ddc08f3ab3272662
              • Opcode Fuzzy Hash: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
              • Instruction Fuzzy Hash: 05219331600204ABE720DF689C49FAB77A8EF55731F20474EFDA0972D0EBB59A50C795
              APIs
              • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
              • _wcsncpy.LIBCMT ref: 00401C41
              • _wcscpy.LIBCMT ref: 00401C5D
              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: IconLoadNotifyShell_String_memmove_wcscpy_wcslen_wcsncpy
              • String ID: Line:
              • API String ID: 1874344091-1585850449
              • Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
              • Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
              • Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
              • Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID:
              • String ID: SysAnimate32
              • API String ID: 0-1011021900
              • Opcode ID: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
              • Instruction ID: b1a10ecfd0a3fc3d2af2854cd73c9de1262d8b9fd4b2252518a975ef6c54cff1
              • Opcode Fuzzy Hash: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
              • Instruction Fuzzy Hash: 0D21C975600205ABFB149EA9EC81FAB73DCEB95324F20471BF711972C0D279EC518768
              APIs
                • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                • Part of subcall function 0043646A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                • Part of subcall function 0043646A: GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                • Part of subcall function 0043646A: GetCurrentThreadId.KERNEL32 ref: 004364A3
                • Part of subcall function 0043646A: AttachThreadInput.USER32(00000000), ref: 004364AA
              • GetFocus.USER32 ref: 0046157B
                • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364C3
                • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364CF
              • GetClassNameW.USER32(?,?,00000100), ref: 004615C4
              • EnumChildWindows.USER32(?,Function_00045B98,?), ref: 004615EF
              • __swprintf.LIBCMT ref: 00461608
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_memmove_wcslen
              • String ID: %s%d
              • API String ID: 2645982514-1110647743
              • Opcode ID: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
              • Instruction ID: 8eac61321038dbd32bfe14263504560db7c98c8fbeeeb2eb49a46d34c9d63f73
              • Opcode Fuzzy Hash: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
              • Instruction Fuzzy Hash: 272180756007096BD610AF69DC89FAF73A8FB88704F00841FF918A7241DAB8A9418B69
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0beeaaa579c9339ee211e6c40176bce708d39a94b7630d2852c1f2343b6e5e4f
              • Instruction ID: b0f148a0463f8e77612455c4d0488571574065cadd758f34d18f988e9301810f
              • Opcode Fuzzy Hash: 0beeaaa579c9339ee211e6c40176bce708d39a94b7630d2852c1f2343b6e5e4f
              • Instruction Fuzzy Hash: 2A819F74600604BFEB24CF95C994FBB7B68EF59350F10804EF8959B341E6B8AC45CB6A
              APIs
              • GetCurrentProcessId.KERNEL32(?), ref: 0047584D
              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047585B
              • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047587F
              • CloseHandle.KERNEL32(00000000), ref: 00475A4D
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Process$CloseCountersCurrentHandleOpen
              • String ID:
              • API String ID: 3488606520-0
              • Opcode ID: 7fd3602cd651dad3c5defef94bf6212d7269dc29ca20ef2dbd8ae2937eb4da43
              • Instruction ID: 747e8e91012d04cc7bcfbda4f2b49d0ca9967bea8b965680eccea6cdbc9dea0c
              • Opcode Fuzzy Hash: 7fd3602cd651dad3c5defef94bf6212d7269dc29ca20ef2dbd8ae2937eb4da43
              • Instruction Fuzzy Hash: 82817170A047029FD310DF65C981B4BBBE1BF84704F10892EF6999B3D2DA75E944CB96
              APIs
                • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B5B5
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ConnectRegistry_memmove_wcslen
              • String ID:
              • API String ID: 15295421-0
              • Opcode ID: d8d3d6a2cecaed762a510ed52f320a3b4f5546c74b9e94ec6e10ba7928b5d5b3
              • Instruction ID: 481e56be03c4cee60d8ca92471cfa4b3875eab78bcfcbf7fb961631f720e0f99
              • Opcode Fuzzy Hash: d8d3d6a2cecaed762a510ed52f320a3b4f5546c74b9e94ec6e10ba7928b5d5b3
              • Instruction Fuzzy Hash: 7D515F71208301ABD304EF65C885E5BB7A8FF88704F10892EB54597291D774E945CBA6
              APIs
              • LoadLibraryW.KERNEL32(00000000,?,?,?), ref: 0046485D
              • GetProcAddress.KERNEL32(?,?), ref: 004648F7
              • GetProcAddress.KERNEL32(?,00000000), ref: 00464916
              • GetProcAddress.KERNEL32(?,?), ref: 0046495A
              • FreeLibrary.KERNEL32(?,?,?,?), ref: 0046497C
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: AddressProc$Library$FreeLoad
              • String ID:
              • API String ID: 2449869053-0
              • Opcode ID: 3137254d3866a5329944bd4cd38ed45afe8262ff0536c43391529d0e6cbb617e
              • Instruction ID: 8919579e2c9fc9b2d94c4928dd3202a5bdd7863bc063e44bf2a6fba2f1eed130
              • Opcode Fuzzy Hash: 3137254d3866a5329944bd4cd38ed45afe8262ff0536c43391529d0e6cbb617e
              • Instruction Fuzzy Hash: 2351BF756002049FCB00EFA4C985A9EB7B4EF88304F14856EFD05AB392DB79ED45CB99
              APIs
              • GetCursorPos.USER32(?), ref: 004563A6
              • ScreenToClient.USER32(?,?), ref: 004563C3
              • GetAsyncKeyState.USER32(?), ref: 00456400
              • GetAsyncKeyState.USER32(?), ref: 00456410
              • GetWindowLongW.USER32(?,000000F0), ref: 00456466
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: AsyncState$ClientCursorLongScreenWindow
              • String ID:
              • API String ID: 3539004672-0
              • Opcode ID: 47775ca2c9d3ed855d965de7f9cc13cd0d0477b61ed95063c4b58fcc2d2fd159
              • Instruction ID: 60090bce41a6de58f2ab96a8453d1e3558661e38fd0c916b19f374a884add038
              • Opcode Fuzzy Hash: 47775ca2c9d3ed855d965de7f9cc13cd0d0477b61ed95063c4b58fcc2d2fd159
              • Instruction Fuzzy Hash: 49414C74504204BBDB24CF65C884EEFBBB8EB46326F60464EFC6593281CB34A944CB68
              APIs
              • InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D438
              • InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D44D
              • Sleep.KERNEL32(0000000A), ref: 0047D455
              • InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D460
              • InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D56A
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Interlocked$DecrementIncrement$Sleep
              • String ID:
              • API String ID: 327565842-0
              • Opcode ID: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
              • Instruction ID: e00c67d4cb89bf1d5311357fb713975cbca1e0cfcee7190b0451066ade77f289
              • Opcode Fuzzy Hash: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
              • Instruction Fuzzy Hash: CC412571A002055FEB10DF65CD84AEE7774EF45304B10852EF609A7351E738EE46CB99
              APIs
              • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
              • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C477
              • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
              • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C4F6
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: PrivateProfile$SectionWrite$String
              • String ID:
              • API String ID: 2832842796-0
              • Opcode ID: 80413c63c247ca5a6c50c863bbc5616d4301eed01054a3e2b3b6367dcd347471
              • Instruction ID: 1eb5009190fa999c36a74edd43b7bd9b51adbc8f8691a9c3f5840d50e9073e8b
              • Opcode Fuzzy Hash: 80413c63c247ca5a6c50c863bbc5616d4301eed01054a3e2b3b6367dcd347471
              • Instruction Fuzzy Hash: D1413075A00209BFDB10EFA1DC85FAAB7A8BF44305F10855EF9049B292DA79EE44CB54
              APIs
              • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
              • RegCloseKey.ADVAPI32(?), ref: 00441CFE
              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
              • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00441D6E
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Enum$CloseDeleteOpen
              • String ID:
              • API String ID: 2095303065-0
              • Opcode ID: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
              • Instruction ID: 7ca4c7ada97503ad9332fce322fe5d5fc03c2789ff93db080e75f28165cdf273
              • Opcode Fuzzy Hash: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
              • Instruction Fuzzy Hash: 69317CB2940108BAEB10DBD4DC85FFEB77CEB49304F04456EF605A7241D774AA858BA8
              APIs
              • GetWindowRect.USER32(?,?), ref: 00436A24
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: RectWindow
              • String ID:
              • API String ID: 861336768-0
              • Opcode ID: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
              • Instruction ID: 0a42da3bb0701689e96ef39581243ed39d97d4ba46bd7cd8c1f057aae640e0d3
              • Opcode Fuzzy Hash: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
              • Instruction Fuzzy Hash: E531EA7160021EAFDB00DF68D988AAE77A5EB49324F11C62AFD24E7380D774EC11CB90
              APIs
              • SendMessageW.USER32 ref: 00449598
                • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
              • SendMessageW.USER32(?,00001074,?,?), ref: 004495F8
              • _wcslen.LIBCMT ref: 0044960D
              • _wcslen.LIBCMT ref: 0044961A
              • SendMessageW.USER32(?,00001074,?,?), ref: 0044964E
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend$_wcslen$_wcspbrk
              • String ID:
              • API String ID: 1856069659-0
              • Opcode ID: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
              • Instruction ID: 683be220b4a5e9d86ccbf412c3bd2f13dbb60120779f28b1c577ab6eeef24407
              • Opcode Fuzzy Hash: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
              • Instruction Fuzzy Hash: 77318F71A00218ABEB20DF59DC80BDFB374FF94314F10466AFA0497280E7B59D958B94
              APIs
              • GetCursorPos.USER32(?), ref: 004478E2
              • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
              • DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
              • GetCursorPos.USER32(00000000), ref: 0044796A
              • TrackPopupMenuEx.USER32(?,00000000,00000000,?,?,00000000), ref: 00447991
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CursorMenuPopupTrack$Proc
              • String ID:
              • API String ID: 1300944170-0
              • Opcode ID: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
              • Instruction ID: 8079d3ea29232e2d8a780d7c6517a0c600664366e77620ab1eef72d1e193e80f
              • Opcode Fuzzy Hash: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
              • Instruction Fuzzy Hash: EF31CF75600108AFE724CF59DC88FABB768EB89310F20455AF94587391C775AC53CBA8
              APIs
              • GetClientRect.USER32(?,?), ref: 004479CC
              • GetCursorPos.USER32(?), ref: 004479D7
              • ScreenToClient.USER32(?,?), ref: 004479F3
              • WindowFromPoint.USER32(?,?), ref: 00447A34
              • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447AAD
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Client$CursorFromPointProcRectScreenWindow
              • String ID:
              • API String ID: 1822080540-0
              • Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
              • Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
              • Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
              • Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
              APIs
              • GetWindowRect.USER32(?,?), ref: 00447C5D
              • ScreenToClient.USER32(?,?), ref: 00447C7B
              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
              • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
              • EndPaint.USER32(?,?), ref: 00447D13
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ClientPaintRectRectangleScreenViewportWindow
              • String ID:
              • API String ID: 659298297-0
              • Opcode ID: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
              • Instruction ID: 3c0582d8bc81ba5dadaaf244cb1f1d3939805113443e317e1f98b5bdeebaec33
              • Opcode Fuzzy Hash: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
              • Instruction Fuzzy Hash: C33161706043019FE310CF25D8C8F7B7BE8EB86724F144A6EF9A5872A1C774A845DB69
              APIs
              • EnableWindow.USER32(?,00000000), ref: 00448B5C
              • EnableWindow.USER32(?,00000001), ref: 00448B72
              • ShowWindow.USER32(?,00000000), ref: 00448BE8
              • ShowWindow.USER32(?,00000004), ref: 00448BF4
              • EnableWindow.USER32(?,00000001), ref: 00448C09
                • Part of subcall function 00440D98: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                • Part of subcall function 00440D98: SendMessageW.USER32(03161BD8,000000F1,00000000,00000000), ref: 00440E6E
                • Part of subcall function 00440D98: SendMessageW.USER32(03161BD8,000000F1,00000001,00000000), ref: 00440E9A
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$EnableMessageSend$LongShow
              • String ID:
              • API String ID: 142311417-0
              • Opcode ID: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
              • Instruction ID: c941ec4e4e3d0536419715940b2668e48b64c275bb9f23e9dd6fd7b29375311a
              • Opcode Fuzzy Hash: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
              • Instruction Fuzzy Hash: DE21F7B17443805BF7258E24CCC4BAFB7D0EF56345F08482EF98196391DBACA885C75A
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
              • Instruction ID: af34b986bc09d21a6a739d25b45c5a22770885c200d938a8bd6fc5fff5094107
              • Opcode Fuzzy Hash: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
              • Instruction Fuzzy Hash: 5921AE75200600DBC710EF29E9D496B77B9EF49362B00466EFE5197392DB34EC09CB69
              APIs
              • IsWindowVisible.USER32(?), ref: 00445879
              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
              • _wcslen.LIBCMT ref: 004458FB
              • CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
              • String ID:
              • API String ID: 3087257052-0
              • Opcode ID: 9f044a504110e6622db6c89a39ee480ea435312bb740710e5b65c5c332669afe
              • Instruction ID: ced771b0f23340e5f55e8fdbc4e1763ce6d97a07fd0b425722e47bce61cb145a
              • Opcode Fuzzy Hash: 9f044a504110e6622db6c89a39ee480ea435312bb740710e5b65c5c332669afe
              • Instruction Fuzzy Hash: F51136726009017BFB10AB25DC06F9FB78CAF65360F04403AF909D7241EB69ED5983A9
              APIs
              • DeleteObject.GDI32(00000000), ref: 004471D8
              • ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
              • SelectObject.GDI32(?,00000000), ref: 00447228
              • BeginPath.GDI32(?), ref: 0044723D
              • SelectObject.GDI32(?,00000000), ref: 00447266
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Object$Select$BeginCreateDeletePath
              • String ID:
              • API String ID: 2338827641-0
              • Opcode ID: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
              • Instruction ID: fd3aca4fc88a528095528039be3f852d236b7ebb9f74560e76bd8f11b15fbd2f
              • Opcode Fuzzy Hash: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
              • Instruction Fuzzy Hash: 92214F71905204AFEB10DF689D48A9E7FACFB16310F14466BF910D32A1DBB49C85CBAD
              APIs
              • Sleep.KERNEL32(00000000), ref: 00434598
              • QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
              • Sleep.KERNEL32(00000000), ref: 004345D4
              • QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CounterPerformanceQuerySleep
              • String ID:
              • API String ID: 2875609808-0
              • Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
              • Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
              • Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
              • Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
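The function listings above all share one shape: an "APIs" header followed by bullet lines of the form `Name.MODULE(args), ref: address`, with indented "Part of subcall function" lines for callees. A few of those groupings are the ones an analyst looks at first: the RegEnumKeyExW / RegOpenKeyExW / RegDeleteKeyW sequence at 00441CA9 (RegDeleteKey refuses a key that still has subkeys, so enumerate-then-delete is the shape of a recursive key delete), the GetPrivateProfileSectionW / WritePrivateProfileStringW block at 0045C44F (INI read and write), the IsWindowVisible / SendMessageW block at 00445879 (the literal second arguments 0000000E and 0000000D are WM_GETTEXTLENGTH and WM_GETTEXT) and the Sleep / QueryPerformanceCounter pair at 00434598. The Python below is an added example, not part of the Joe Sandbox report or of its IDA plugin: it parses listings of this shape, groups calls per function, decodes literal SendMessageW message ids and flags those combinations. The `SAMPLE` text is constructed from lines in this report; the `RULES` notes and the `WINDOW_MESSAGES` table are the example's own assumptions, not something the report states.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: bullet lines copied in the shape of this report's "APIs" listings.
SAMPLE = """\
APIs
• GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
• WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
• WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
Memory Dump Source
• Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
• RegCloseKey.ADVAPI32(?), ref: 00441CFE
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
APIs
• Sleep.KERNEL32(00000000), ref: 00434598
• QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
  • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
APIs
• IsWindowVisible.USER32(?), ref: 00445879
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
• _wcslen.LIBCMT ref: 004458FB
"""

# One bullet line: optional "Part of subcall function XXXXXXXX:", Name.MODULE, optional (args), ref: address
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)


class Call(NamedTuple):
    name: str
    module: str
    args: List[str]         # raw hex literals; "?" where the plugin could not resolve a value
    ref: str                # address of the call site
    subcall: Optional[str]  # callee address when nested under "Part of subcall function"


def parse_listing(text: str) -> List[List[Call]]:
    """Split the text at each "APIs" header and return one list of calls per function."""
    functions: List[List[Call]] = []
    current: Optional[List[Call]] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            functions.append(current)
            continue
        m = API_LINE.match(line)
        if m is None or current is None:
            continue  # Memory Dump Source / Similarity metadata lines do not match and are skipped
        args = [a for a in (m.group("args") or "").split(",") if a]
        current.append(Call(m.group("name"), m.group("module"), args, m.group("ref"), m.group("sub")))
    return functions


# Assumed table of the message ids seen as the second SendMessageW argument in this report.
WINDOW_MESSAGES = {
    0x000D: "WM_GETTEXT",
    0x000E: "WM_GETTEXTLENGTH",
    0x00F0: "BM_GETCHECK",
    0x00F1: "BM_SETCHECK",
    0x1074: "LVM_SETITEMTEXTW",
    0x1101: "TVM_DELETEITEM",
}


def decode_message(call: Call) -> Optional[str]:
    """Name the window message of a SendMessageW call whose msg argument is a literal."""
    if call.name != "SendMessageW" or len(call.args) < 2 or call.args[1] == "?":
        return None
    msg = int(call.args[1], 16)
    return WINDOW_MESSAGES.get(msg, f"0x{msg:04X}")


# Assumed triage rules: (APIs that must all be called directly by the function, analyst note).
RULES = [
    ({"RegEnumKeyExW", "RegDeleteKeyW"},
     "enumerates subkeys before RegDeleteKeyW; RegDeleteKey fails on a key that still has "
     "children, so this is the shape of a recursive registry key delete"),
    ({"GetPrivateProfileSectionW", "WritePrivateProfileStringW"},
     "reads and writes INI sections; trace which file path reaches these calls"),
    ({"Sleep", "QueryPerformanceCounter"},
     "high-resolution timing around Sleep; check whether the delta is compared to a threshold"),
    ({"IsWindowVisible", "SendMessageW"},
     "inspects visible windows and sends them messages; decode the message ids"),
]


def triage(functions: List[List[Call]]) -> List[dict]:
    """Summarise each function: direct APIs, decoded window messages and rule hits."""
    findings = []
    for idx, calls in enumerate(functions):
        direct = {c.name for c in calls if c.subcall is None}
        findings.append({
            "function": idx,
            "first_ref": calls[0].ref if calls else None,
            "apis": sorted(direct),
            "messages": sorted({m for m in map(decode_message, calls) if m}),
            "notes": [note for needed, note in RULES if needed <= direct],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_listing(SAMPLE)):
        print(finding)
```

To use it on the full report, paste the "APIs" sections into a file and pass its contents to `parse_listing`; subcall lines are parsed but kept out of rule matching so that a library helper's calls are not attributed to every caller.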
              APIs
              • GetDlgItem.USER32(?,000003E9), ref: 00460C17
              • GetWindowTextW.USER32(00000000,?,00000100), ref: 00460C2E
              • MessageBeep.USER32(00000000), ref: 00460C46
              • KillTimer.USER32(?,0000040A), ref: 00460C68
              • EndDialog.USER32(?,00000001), ref: 00460C83
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: BeepDialogItemKillMessageTextTimerWindow
              • String ID:
              • API String ID: 3741023627-0
              • Opcode ID: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
              • Instruction ID: 069ac2582a8c3c153a507cef710a9e07e91c6f457c78871e3a9641c65eda6ae6
              • Opcode Fuzzy Hash: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
              • Instruction Fuzzy Hash: AB01DD315403086BE7349B54EE8DBDB737CFB14705F00465FB645921C0E7F4A9948B95
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Destroy$DeleteObjectWindow$Icon
              • String ID:
              • API String ID: 4023252218-0
              • Opcode ID: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
              • Instruction ID: b4c4dbb9b59ba1bd7f08d964dfa6937d7ad9fb038e30cf105cf785d591c64ca0
              • Opcode Fuzzy Hash: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
              • Instruction Fuzzy Hash: D5014870301A01DBDB10EF65E9D8A2B77A8BF48762F10462AFD04D7352D739D849CBA9
              APIs
              • SendMessageW.USER32(?,00001101,00000000,?), ref: 004555FC
              • DeleteObject.GDI32(?), ref: 00455736
              • DeleteObject.GDI32(?), ref: 00455744
              • DestroyIcon.USER32(?), ref: 00455752
              • DestroyWindow.USER32(?), ref: 00455760
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: DeleteDestroyObject$IconMessageSendWindow
              • String ID:
              • API String ID: 1489400265-0
              • Opcode ID: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
              • Instruction ID: 3262712e9a8127eed33bb9eb3d9864066e7dde5d47db0d590f2b6463dd6d37f9
              • Opcode Fuzzy Hash: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
              • Instruction Fuzzy Hash: 07017C74300601DBCB10EF25EEC8A2A73A8BF48712F004569FE019B286D778DC49CB68
              APIs
                • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
              • DestroyWindow.USER32(?), ref: 00455728
              • DeleteObject.GDI32(?), ref: 00455736
              • DeleteObject.GDI32(?), ref: 00455744
              • DestroyIcon.USER32(?), ref: 00455752
              • DestroyWindow.USER32(?), ref: 00455760
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
              • String ID:
              • API String ID: 1042038666-0
              • Opcode ID: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
              • Instruction ID: 2016740d4609c4bbd0e5f1cf6dc7522ca00853e433b5032f7809eda0dc31aff9
              • Opcode Fuzzy Hash: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
              • Instruction Fuzzy Hash: 3701F670200601DBCB10EF69E9D8A2B37ACAF49762B00466AFD01D7256D769DC498B69
              APIs
              • __getptd.LIBCMT ref: 0041780F
                • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
              • __getptd.LIBCMT ref: 00417826
              • __amsg_exit.LIBCMT ref: 00417834
              • __lock.LIBCMT ref: 00417844
              • __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
              • String ID:
              • API String ID: 938513278-0
              • Opcode ID: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
              • Instruction ID: 276dd8d19a6a3be70f37c916a71154ef36d62806621923b96dbf7b6e4fe89171
              • Opcode Fuzzy Hash: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
              • Instruction Fuzzy Hash: 6DF09632A4C7009AD721BBA6940B7DD33B0AF10768F11415FF541572D2CB6C59C1CB9D
              APIs
                • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
              • ___set_flsgetvalue.LIBCMT ref: 004151C0
                • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
              • ___fls_getvalue@4.LIBCMT ref: 004151CB
                • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
              • ___fls_setvalue@8.LIBCMT ref: 004151DD
              • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
              • ExitThread.KERNEL32 ref: 004151ED
              • __freefls@4.LIBCMT ref: 00415209
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
              • String ID:
              • API String ID: 4247068974-0
              • Opcode ID: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
              • Instruction ID: 3b3fb4cf1982b2ada2e5851f983e2cc6228237abb2dca353483d11accd99f00a
              • Opcode Fuzzy Hash: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
              • Instruction Fuzzy Hash: E5E0B631848705AECB013BB29D1E9DF3A799E54749B20082ABE1492122EE6C88D1C669
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID:
              • String ID: )$U$\
              • API String ID: 0-3705770531
              • Opcode ID: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
              • Instruction ID: d0f1885598f34d5f764b4f2a5794ec4e3d7857f6dac93f6e146ba8491093b400
              • Opcode Fuzzy Hash: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
              • Instruction Fuzzy Hash: 83C1C074A00249CFEB24CF69C5806AEBBF2FF85304F2481ABD8569B351D739994ACF15
              APIs
                • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
              • CoInitialize.OLE32(00000000), ref: 0046E505
              • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
              • CoUninitialize.OLE32 ref: 0046E53D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CreateInitializeInstanceUninitialize_wcslen
              • String ID: .lnk
              • API String ID: 886957087-24824748
              • Opcode ID: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
              • Instruction ID: 2644725dabb75134900838bfbf7f9974cf5b6b8c274c659ea1b0544ab4b4cf98
              • Opcode Fuzzy Hash: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
              • Instruction Fuzzy Hash: A6A1CB756042019FC700EF65C980E5BB7E9AFC8308F108A5EF9859B392DB35EC45CBA6
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmove
              • String ID: \
              • API String ID: 4104443479-2967466578
              • Opcode ID: 236e1e21dc65edc907fd0526d8e82b29cd887e6a6cae6abce2d2318f267918b8
              • Instruction ID: 90b25fc4546a2c21e21e7939c456fa175a28996bec6c3309f7edcf8d77039fcb
              • Opcode Fuzzy Hash: 236e1e21dc65edc907fd0526d8e82b29cd887e6a6cae6abce2d2318f267918b8
              • Instruction Fuzzy Hash: 8AB1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED451AB381D7795946CB1A
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmove
              • String ID: \
              • API String ID: 4104443479-2967466578
              • Opcode ID: aaea77048b6460e77790bc9063151364371e311f89c51572a31744d174c5d814
              • Instruction ID: 47d8400a167da4587eb122393216330e55bf30386b581c043e0675457d4a745f
              • Opcode Fuzzy Hash: aaea77048b6460e77790bc9063151364371e311f89c51572a31744d174c5d814
              • Instruction Fuzzy Hash: F1B1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED451AB381D7795946CB1A
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmove
              • String ID: \
              • API String ID: 4104443479-2967466578
              • Opcode ID: 51371dbcd6d614fdce5bfd4d2520a50a5cfc61004088100711ab8bbb78939718
              • Instruction ID: 4d1558bed40bbae7f26d93592334ac0d2c658ca85fbb7fec499742c135aa7d63
              • Opcode Fuzzy Hash: 51371dbcd6d614fdce5bfd4d2520a50a5cfc61004088100711ab8bbb78939718
              • Instruction Fuzzy Hash: E5A1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED441AB381D7795946CB1A
              Strings
              • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0046A75B
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmovestd::exception::exception$Exception@8Throw_malloc_wcslen
              • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
              • API String ID: 708495834-557222456
              • Opcode ID: 3a13b15884de974d4fda4968be31590525042cec53bcb86b62071813a3441500
              • Instruction ID: 9c514e09f8cb76db8ae150367893d7536957bb5c5403f45e3580b17af89e858a
              • Opcode Fuzzy Hash: 3a13b15884de974d4fda4968be31590525042cec53bcb86b62071813a3441500
              • Instruction Fuzzy Hash: 7C917F711087009FC310EF65C88186BB7E8AF89314F148D2FF595672A2E778E919CB9B
              APIs
                • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
              • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
              • String ID: @
              • API String ID: 4150878124-2766056989
              • Opcode ID: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
              • Instruction ID: 60a9f40d71a87185ad744a771aacdfc79ad0a16393efc777ae91d2f205fac39b
              • Opcode Fuzzy Hash: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
              • Instruction Fuzzy Hash: 0D51B972A00218ABCB10DFA5DD42FDEB778EFC9304F00459AFA05EB180D6B4BA45CB65
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmove
              • String ID: \$]$h
              • API String ID: 4104443479-3262404753
              • Opcode ID: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
              • Instruction ID: f8aecd1968ad4f88b1990a67d2c0a139cd5c037738d7fdf96801fcbc28408ccb
              • Opcode Fuzzy Hash: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
              • Instruction Fuzzy Hash: 97518470E00209DFDF18CFA5C980AAEB7F2BF85304F29826AD405AB355D7385D45CB55
              APIs
              • ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
                • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
              • CloseHandle.KERNEL32(?), ref: 00457E09
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CloseExecuteHandleShell_wcscpy_wcslen
              • String ID: <$@
              • API String ID: 2417854910-1426351568
              • Opcode ID: 024707e8d0be736fd9aee974053134abdf34597ecb22147b7e98c4ffc578353a
              • Instruction ID: b88a15a70aa0ad5f6f29005b2a8070d35214d1ef645994392ec84fe4d9ca6df0
              • Opcode Fuzzy Hash: 024707e8d0be736fd9aee974053134abdf34597ecb22147b7e98c4ffc578353a
              • Instruction Fuzzy Hash: C751D3719002089BDB10EFA1D985AAFB7B4EF44309F10446EED05AB352DB79ED49CB94
              APIs
              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
                • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
              • String ID:
              • API String ID: 3705125965-3916222277
              • Opcode ID: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
              • Instruction ID: d28fa13b4dde737238ce5dcfaacd3c540a76458eeabd88e5a6b3f8614e5f537b
              • Opcode Fuzzy Hash: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
              • Instruction Fuzzy Hash: DB310B76A802047AE720EF56DC42FDFB7A8EBD9710F00851FFA0097281D6B5550987AC
              APIs
              • GetMenuItemInfoW.USER32 ref: 0045FAC4
              • DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
              • DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Menu$Delete$InfoItem
              • String ID: 0
              • API String ID: 135850232-4108050209
              • Opcode ID: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
              • Instruction ID: 2caf7e1b7ae413ca61a5456c92b2eab9e90ede26a48057f627e29f4096114103
              • Opcode Fuzzy Hash: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
              • Instruction Fuzzy Hash: CC41D2B1604201ABD710CF25CC45F17B7A9AF84315F148A2EFDA49B2C2D378E849CBA6
              APIs
              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0045085F
              • GetWindowLongW.USER32(?,000000F0), ref: 0045087D
              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0045088E
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$Long
              • String ID: SysTreeView32
              • API String ID: 847901565-1698111956
              • Opcode ID: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
              • Instruction ID: 2f6c96d6d770cdd7f6b01965cae739f5ffbb06f7b8c4bfc7c6bf121f6b9a1f40
              • Opcode Fuzzy Hash: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
              • Instruction Fuzzy Hash: 34418D75500205ABEB10DF29DC84FEB33A8FB49325F20471AF865972D1D778E895CBA8
              APIs
              • LoadLibraryA.KERNEL32(?), ref: 00434B10
              • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
              • FreeLibrary.KERNEL32(?), ref: 00434B9F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Library$AddressFreeLoadProc
              • String ID: AU3_GetPluginDetails
              • API String ID: 145871493-4132174516
              • Opcode ID: 0d93a6c355c5203184799a33f2434a943b1e8201a5819815a0dfafb740a17048
              • Instruction ID: fc8523f5daf935d660d2a9c884068eb8da3e2fc1adb06f3317e0194b47a185ca
              • Opcode Fuzzy Hash: 0d93a6c355c5203184799a33f2434a943b1e8201a5819815a0dfafb740a17048
              • Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
              APIs
              • DestroyWindow.USER32(00000000), ref: 00450A2F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
               • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: DestroyWindow
              • String ID: msctls_updown32
              • API String ID: 3375834691-2298589950
              • Opcode ID: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
              • Instruction ID: fccd3fcc05e4e2aaf5990a1cc96ccc3c6d01ef6560d5fec67e6c7c3c5f699695
              • Opcode Fuzzy Hash: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
              • Instruction Fuzzy Hash: 213182767402056FE710DF58EC81FAB3368FF99710F10411AFA009B282C7B5AC96C7A8
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _memmove
              • String ID: $<
              • API String ID: 4104443479-428540627
              • Opcode ID: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
              • Instruction ID: e8c4ca86f7ae52158d8313b00b6d431508e51e3fea12eaab667d4a9530e7d8b8
              • Opcode Fuzzy Hash: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
              • Instruction Fuzzy Hash: A331EF30D04258DEFF25CFAAC9847EEBBB1AF11310F18419AD455A7382D7789E48CB25
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorMode$DiskFreeSpace
              • String ID: \VH
              • API String ID: 1682464887-234962358
              • Opcode ID: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
              • Instruction ID: 72795a51c8fd7a71edb0939b11d44c3a5eb04741920228a3d2c34b8a4a3992bf
              • Opcode Fuzzy Hash: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
              • Instruction Fuzzy Hash: B5217171D002089FCB00EFA5D98499EBBB8FF48314F1184AAE805AB351D7349E05CB64
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorMode$DiskFreeSpace
              • String ID: \VH
              • API String ID: 1682464887-234962358
              • Opcode ID: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
              • Instruction ID: ae55674c87016058c86dc8d4ad6f5a536cd264dc70ae423c542bf2f5a0a67e7a
              • Opcode Fuzzy Hash: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
              • Instruction Fuzzy Hash: C9316F75E002089FCB00EFA5D985A9DBBB4FF48314F1080AAE904AB351CB75EE05CB94
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D87B
              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D8F0
              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D93A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorMode$DiskFreeSpace
              • String ID: \VH
              • API String ID: 1682464887-234962358
              • Opcode ID: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
              • Instruction ID: e5212c229d9c2069cdfe567d9572a18bb695f81ecf44ad0a977260396f8f3e20
              • Opcode Fuzzy Hash: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
              • Instruction Fuzzy Hash: E6316D75E002089FCB00EFA5D984A9EBBB4FF48314F1084AAE904AB351CB35DE05CB94
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D37E
              • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3F4
              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D437
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorMode$InformationVolume
              • String ID: \VH
              • API String ID: 2507767853-234962358
              • Opcode ID: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
              • Instruction ID: 9072e4f9bd6fffdf4d5f5b526d3ef1379cf95bcdbb04681c41660468616ecd75
              • Opcode Fuzzy Hash: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
              • Instruction Fuzzy Hash: E5213075A002099FC714EF95CD85EAEB7B8FF88300F1084AAE905A73A1D774EA45CB54
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D55C
              • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D5D2
              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D608
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorMode$InformationVolume
              • String ID: \VH
              • API String ID: 2507767853-234962358
              • Opcode ID: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
              • Instruction ID: 5d1496e5fec29648c5677f840c6a5ff7f703137340fc9510fe584f3610dc7e3a
              • Opcode Fuzzy Hash: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
              • Instruction Fuzzy Hash: 88218271A00209AFC714EF95C885EAEB7B4FF48300F0084AEF505A72A1D774E905CB58
              APIs
              • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450B3B
              • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450B51
              • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450B5F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend
              • String ID: msctls_trackbar32
              • API String ID: 3850602802-1010561917
              • Opcode ID: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
              • Instruction ID: cc80dcb7cd3031ad5716ab9229ca2671b5dcb2452333e47e40e099fef7a03d8b
              • Opcode Fuzzy Hash: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
              • Instruction Fuzzy Hash: 301196757403197BEB109EA8DC81FDB339CAB58B64F204216FA10A72C1D6B4FC5187A8
              APIs
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • CLSIDFromString.OLE32(?,00000000), ref: 00435236
              • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
              • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
              • String ID: crts
              • API String ID: 943502515-3724388283
              • Opcode ID: 40b31a333eb7476a62df36d3901cfd3ac81be6161b83df73f279b0f39755a10c
              • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
              • Opcode Fuzzy Hash: 40b31a333eb7476a62df36d3901cfd3ac81be6161b83df73f279b0f39755a10c
              • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
              APIs
              • SetErrorMode.KERNEL32(00000001), ref: 0045D2D2
              • SetVolumeLabelW.KERNEL32(?,00000000), ref: 0045D331
              • SetErrorMode.KERNEL32(?), ref: 0045D35C
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorMode$LabelVolume
              • String ID: \VH
              • API String ID: 2006950084-234962358
              • Opcode ID: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
              • Instruction ID: 93ef07912bcba266d24f4400c0aa25f887f93b2782b8649f9ae8f5902fc9f078
              • Opcode Fuzzy Hash: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
              • Instruction Fuzzy Hash: 10115175900105DFCB00EFA5D94499EBBB4FF48315B1084AAEC09AB352D774ED45CBA5
              APIs
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • GetMenuItemInfoW.USER32 ref: 00449727
              • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00449751
              • DrawMenuBar.USER32 ref: 00449761
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Menu$InfoItem$Draw_malloc
              • String ID: 0
              • API String ID: 772068139-4108050209
              • Opcode ID: 796cf99e599125ef77e72d8882efc68ad7cb1b8d8dcdf7b71fd5d941644d2c32
              • Instruction ID: eb12e692e9d899ed3776fa10421b592e4983edb38958d2313c52402e3f8558b6
              • Opcode Fuzzy Hash: 796cf99e599125ef77e72d8882efc68ad7cb1b8d8dcdf7b71fd5d941644d2c32
              • Instruction Fuzzy Hash: 7711A3B1A10208AFEB10DF55DC49BAFB774EF85314F0041AEFA098B250DB759944DFA5
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcslen$_wcscpy
              • String ID: 3, 3, 8, 1
              • API String ID: 3469035223-357260408
              • Opcode ID: 12b73319f7521ef091ea4856e2d9fc07411b991347f193140c1b9c5819a8a9d6
              • Instruction ID: 583e1dd4926d5dc430cd1974fab242c37593855fc3f83b6d902887b8cb8118b3
              • Opcode Fuzzy Hash: 12b73319f7521ef091ea4856e2d9fc07411b991347f193140c1b9c5819a8a9d6
              • Instruction Fuzzy Hash: 44F06D61510655E2CB34A791AD917FF72546F44341F00947BD90ED2190F368CB85CF99
              APIs
              • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
              • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: AddressLibraryLoadProc
              • String ID: ICMP.DLL$IcmpCloseHandle
              • API String ID: 2574300362-3530519716
              • Opcode ID: 21a2acdac0ba1e2d746e72dbff1012e7ad80fb0484e1fffebf05da08cb8a0c44
              • Instruction ID: fe30dd6f995ef3e52e92cf139519288d45b371df6a06e7fbbc01cfddaae6e452
              • Opcode Fuzzy Hash: 21a2acdac0ba1e2d746e72dbff1012e7ad80fb0484e1fffebf05da08cb8a0c44
              • Instruction Fuzzy Hash: 89E01275500316DFDB105F66D80564B77DCDB14751F10482AFD45E2A51DBB8D48087E8
              APIs
              • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
              • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: AddressLibraryLoadProc
              • String ID: ICMP.DLL$IcmpCreateFile
              • API String ID: 2574300362-275556492
              • Opcode ID: c8e81b458e49d693ad0b98c25d1a2273645c6015ec642ff3830cff94addfde50
              • Instruction ID: 95e0d00128142f820e0a83de5ed484af687323a382b0c693d148963e73e99334
              • Opcode Fuzzy Hash: c8e81b458e49d693ad0b98c25d1a2273645c6015ec642ff3830cff94addfde50
              • Instruction Fuzzy Hash: E3E0C270400306EFD7107FA5D81464A77E8DB08310F104C2AFC40A2650C7B8D48087A8
              APIs
              • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
              • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: AddressLibraryLoadProc
              • String ID: ICMP.DLL$IcmpSendEcho
              • API String ID: 2574300362-58917771
              • Opcode ID: 8463976e88658be12d547e53f001863c36b7eb8c5d8a0eb88088b9b0d7e59d79
              • Instruction ID: f6e067919a3be2c94262fb81e38fb1c28335358536499f04279aa6303c0198c7
              • Opcode Fuzzy Hash: 8463976e88658be12d547e53f001863c36b7eb8c5d8a0eb88088b9b0d7e59d79
              • Instruction Fuzzy Hash: ADE0C2B0400706DFC7105F65D80465B77D8DB04321F10482BFD80E2610C7B8E48087A8
              APIs
              • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: AddressLibraryLoadProc
              • String ID: RegDeleteKeyExW$advapi32.dll
              • API String ID: 2574300362-4033151799
              • Opcode ID: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
              • Instruction ID: e1e112c22781e886f83f7ab60c8bc672304d94c0271b2a691c2b6ddb7eb549cd
              • Opcode Fuzzy Hash: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
              • Instruction Fuzzy Hash: 3FE0C2B0440315AFCB106F6AD95460B7BD89B14321F10583BF980E2600C7B8E88087B8
              APIs
              • VariantInit.OLEAUT32(?), ref: 0047950F
              • SysAllocString.OLEAUT32(00000000), ref: 004795D8
              • VariantCopy.OLEAUT32(?,?), ref: 0047960F
              • VariantClear.OLEAUT32(?), ref: 00479650
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Variant$AllocClearCopyInitString
              • String ID:
              • API String ID: 2808897238-0
              • Opcode ID: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
              • Instruction ID: 372c40b5ecffa4d340e825e49f449287305c7189bb1404562c27c74c4f1437f4
              • Opcode Fuzzy Hash: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
              • Instruction Fuzzy Hash: 8251C436600209A6C700FF3AD8815DAB764EF84315F50863FFD0897252DB78DA1997EA
              APIs
              • SendMessageW.USER32(00000000,0000110A,00000004,?), ref: 00469990
              • __itow.LIBCMT ref: 004699CD
                • Part of subcall function 00461C4A: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00461CC2
              • SendMessageW.USER32(00000000,0000110A,00000001,?), ref: 00469A3D
              • __itow.LIBCMT ref: 00469A97
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend$__itow
              • String ID:
              • API String ID: 3379773720-0
              • Opcode ID: c3a956d33284f2c9f3f86cb058cc2767b53d45f45b0f3b019056d4494472ccb7
              • Instruction ID: c5a9f548720e127460bbd30f9c4a1142764b372a0404ca0a71d180b9b8c9b2b0
              • Opcode Fuzzy Hash: c3a956d33284f2c9f3f86cb058cc2767b53d45f45b0f3b019056d4494472ccb7
              • Instruction Fuzzy Hash: E8415671A002096BDB14EF95D981AEF77BC9F58314F00405EFA0567281E7789E46CBE9
              APIs
              • GetWindowRect.USER32(?,?), ref: 00449A4A
              • ScreenToClient.USER32(?,?), ref: 00449A80
              • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$ClientMoveRectScreen
              • String ID:
              • API String ID: 3880355969-0
              • Opcode ID: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
              • Instruction ID: 772f2e9a8c44c8b90650fefa000f178a1b73e5e444e4323f54854131c67d2362
              • Opcode Fuzzy Hash: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
              • Instruction Fuzzy Hash: 5A517C70A00249AFEB14CF68D8C1AAB77B6FF58314F10822EF91597390D774AD90DB98
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __flsbuf__flush__getptd_noexit__write_memmove
              • String ID:
              • API String ID: 2782032738-0
              • Opcode ID: b31e9d6d4fc57bcba7966bec51b765adca5e1eea9d7940e8138ef5a4af09ff03
              • Instruction ID: 72632960f292c6e9309c64fc9b7016af72cb639159fa0dd3c9cf05ee08d0b78d
              • Opcode Fuzzy Hash: b31e9d6d4fc57bcba7966bec51b765adca5e1eea9d7940e8138ef5a4af09ff03
              • Instruction Fuzzy Hash: CB41D531A00715ABDB248FA5C8486DFBBB5AFD0364F24856EF42597680D778DDC1CB48
              APIs
              • ClientToScreen.USER32(00000000,?), ref: 0044169A
              • GetWindowRect.USER32(?,?), ref: 00441722
              • PtInRect.USER32(?,?,?), ref: 00441734
              • MessageBeep.USER32(00000000), ref: 004417AD
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Rect$BeepClientMessageScreenWindow
              • String ID:
              • API String ID: 1352109105-0
              • Opcode ID: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
              • Instruction ID: 3e4d0a9d31bb6386801ef6381a7f0d6bf168684d8964ff5a195b0ca439f55e04
              • Opcode Fuzzy Hash: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
              • Instruction Fuzzy Hash: 5141A539A002049FE714DF54D884E6AB7B5FF95721F1482AED9158B360DB34AC81CB94
              APIs
              • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
              • GetLastError.KERNEL32(?,00000000), ref: 0045D26C
              • DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
              • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CreateHardLink$DeleteErrorFileLast
              • String ID:
              • API String ID: 3321077145-0
              • Opcode ID: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
              • Instruction ID: 6818256dd78c2cb29ac0ce267de24fb792dca3a41353b59757f5ace631f71379
              • Opcode Fuzzy Hash: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
              • Instruction Fuzzy Hash: DC318DB1A00201EBDB10EFB5C945A1ABBE8AF45319F10885EFC44AB343CB79ED45CB94
              APIs
              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
              • __isleadbyte_l.LIBCMT ref: 004208A6
              • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
              • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
              • String ID:
              • API String ID: 3058430110-0
              • Opcode ID: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
              • Instruction ID: f6550d230e50e909e13d2a99824cc28569674f7a7b9e5ef0daa2e7ce22e82e6e
              • Opcode Fuzzy Hash: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
              • Instruction Fuzzy Hash: D731E231B00265EFDB20EF65E884AAF3BE5BF00310F55496AE4658B292D734CD80DB98
              APIs
              • GetParent.USER32(?), ref: 004503C8
              • DefDlgProcW.USER32(?,00000138,?,?), ref: 00450417
              • DefDlgProcW.USER32(?,00000133,?,?), ref: 00450466
              • DefDlgProcW.USER32(?,00000134,?,?), ref: 00450497
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Proc$Parent
              • String ID:
              • API String ID: 2351499541-0
              • Opcode ID: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
              • Instruction ID: 48835c6935d03606f494e5d0f95072c3389227be5880c4b08380f2331de9f088
              • Opcode Fuzzy Hash: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
              • Instruction Fuzzy Hash: F231B73A2001046BD720CF18DC94DAB7719EF97335B14461BFA298B3D3CB759856C769
              APIs
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442AC9
              • TranslateMessage.USER32(?), ref: 00442B01
              • DispatchMessageW.USER32(?), ref: 00442B0B
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442B21
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Message$Peek$DispatchTranslate
              • String ID:
              • API String ID: 1795658109-0
              • Opcode ID: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
              • Instruction ID: 5e5183f3b0572ad37d893cec5a7cf9421d6c1ddc4b80b1975d6d8daaa3c1acd1
              • Opcode Fuzzy Hash: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
              • Instruction Fuzzy Hash: 012126719583469AFB30DF649D85FB7BBA8CB24314F40407BF91097281EAB86848C769
              APIs
              • GetForegroundWindow.USER32(?,?,?), ref: 0047439C
                • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
              • GetCaretPos.USER32(?), ref: 004743B2
              • ClientToScreen.USER32(00000000,?), ref: 004743E8
              • GetForegroundWindow.USER32 ref: 004743EE
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
              • String ID:
              • API String ID: 2759813231-0
              • Opcode ID: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
              • Instruction ID: 29594bdffde582d62cf8cb535202cb0f6e37f5c0e74140e0e8dac686a3932322
              • Opcode Fuzzy Hash: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
              • Instruction Fuzzy Hash: 2F21AC71A00305ABD710EF75CC86B9E77B9AF44708F14446EF644BB2C2DBF9A9408BA5
              APIs
                • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
              • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 00449507
              • _wcslen.LIBCMT ref: 00449519
              • _wcslen.LIBCMT ref: 00449526
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend_wcslen$_wcspbrk
              • String ID:
              • API String ID: 2886238975-0
              • Opcode ID: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
              • Instruction ID: 7d4d19c59aaf55394df3596c947b25f6969e765268ec3300c5285dc4bbf20b28
              • Opcode Fuzzy Hash: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
              • Instruction Fuzzy Hash: F7213A76B00208A6E730DF55ED81BEFB368EBA0310F10416FFF0896240E6794D55C799
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __setmode$DebugOutputString_fprintf
              • String ID:
              • API String ID: 1792727568-0
              • Opcode ID: 2ec4448ab620bd7111f1807c33ee2a8c448127a9493604cdb80b912c51ee9b21
              • Instruction ID: 94d91137fd77379d51e6296772f15362c7f2cf1f8b16651245aa9cc134f84072
              • Opcode Fuzzy Hash: 2ec4448ab620bd7111f1807c33ee2a8c448127a9493604cdb80b912c51ee9b21
              • Instruction Fuzzy Hash: 5411A1B2D0020477DB107BB69C469AF7B2C8B55728F04416EF91573243E97C6A4947AB
              APIs
                • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
              • GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A312
              • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$Long$AttributesLayered
              • String ID:
              • API String ID: 2169480361-0
              • Opcode ID: 08dcd2e5386a87cad46f4510cadd52763bceb9adb2884f8b63ead6fb3e0fdbd4
              • Instruction ID: 4b457c036b32d13d4d6aa44b7b333d7b15c6210fa1ac615a770d46c951a2b689
              • Opcode Fuzzy Hash: 08dcd2e5386a87cad46f4510cadd52763bceb9adb2884f8b63ead6fb3e0fdbd4
              • Instruction Fuzzy Hash: E321C3322045146BD310AB19EC45F9BB798EF81334F20862BF859E72D1C779A855C7AC
              APIs
                • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                • Part of subcall function 00434C09: lstrcpyW.KERNEL32(00000000,?), ref: 00434C44
                • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
              • lstrlenW.KERNEL32(?), ref: 00434CF6
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • lstrcpyW.KERNEL32(00000000,?), ref: 00434D1E
              • lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: lstrcmpilstrcpylstrlen$_malloc
              • String ID: cdecl
              • API String ID: 3850814276-3896280584
              • Opcode ID: 520ea748a57fe22ea74bd1fa5c922473780448e1e79c9b4dd7d5884190395370
              • Instruction ID: b4b7f9d7485e9dcc41445171e378d0673d7e4b3d8a31a27b28546bfa00bfc119
              • Opcode Fuzzy Hash: 520ea748a57fe22ea74bd1fa5c922473780448e1e79c9b4dd7d5884190395370
              • Instruction Fuzzy Hash: 1521D276200301ABD710AF25DC45AEBB3A9FF99354F10583FF90687250EB39E945C7A9
              APIs
              • SendMessageW.USER32 ref: 00448C69
              • GetWindowLongW.USER32(?,000000EC), ref: 00448C91
              • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448CCA
              • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D13
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend$LongWindow
              • String ID:
              • API String ID: 312131281-0
              • Opcode ID: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
              • Instruction ID: 9d65767971b32091eca868ce8e4b461936feaca2c152e776436a997c982fc1ac
              • Opcode Fuzzy Hash: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
              • Instruction Fuzzy Hash: 782186711193009BE3209F18DD88B9FB7E4FBD5325F140B1EF994962D0DBB58448C755
              APIs
              • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
              • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
              • accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
              • WSAGetLastError.WSOCK32(00000000), ref: 00458B03
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorLastacceptselect
              • String ID:
              • API String ID: 385091864-0
              • Opcode ID: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
              • Instruction ID: 6dce411450cb473f00463c700f03c36a20fe0f69cdcaeecb298670ce0bdbd9a3
              • Opcode Fuzzy Hash: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
              • Instruction Fuzzy Hash: 032192716002049FD714EF69DD45BAAB7E8EB94310F10866EF988DB380DBB4A9808B94
              APIs
              • SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: MessageSend
              • String ID:
              • API String ID: 3850602802-0
              • Opcode ID: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
              • Instruction ID: 15055718653181d31d708d6839b45d2b231db9ad4f5f2f8f789da6f3b04ac486
              • Opcode Fuzzy Hash: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
              • Instruction Fuzzy Hash: A7111275640208BFDB10DF68DC85F9AB7E8EF98750F11815AFD48DB340D6B1A9418FA0
              APIs
              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00400000,00000000), ref: 00430242
              • GetStockObject.GDI32(00000011), ref: 00430258
              • SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
              • ShowWindow.USER32(00000000,00000000), ref: 0043027D
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Window$CreateMessageObjectSendShowStock
              • String ID:
              • API String ID: 1358664141-0
              • Opcode ID: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
              • Instruction ID: 87b955557270564ac2446a75def7de819d41fbc8528d619d8765837e6f615a12
              • Opcode Fuzzy Hash: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
              • Instruction Fuzzy Hash: BD115172600504ABD755CF99DC59FDBB769AF8DB10F148319BA08932A0D774EC41CBA8
              APIs
              • GetCurrentThreadId.KERNEL32 ref: 00443CA6
              • MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
              • CloseHandle.KERNEL32(00000000), ref: 00443CF9
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
              • String ID:
              • API String ID: 2880819207-0
              • Opcode ID: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
              • Instruction ID: e6f874550e00e623fb34483f391c95d80eb5f5bc6ce026338450b862d26ff76c
              • Opcode Fuzzy Hash: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
              • Instruction Fuzzy Hash: 48112572804114ABD710CF68ED08ADF3FACDF99721F10026AFC0493381D6B09A1083E9
              APIs
              • GetWindowRect.USER32(?,?), ref: 00430BA2
              • ScreenToClient.USER32(?,?), ref: 00430BC1
              • ScreenToClient.USER32(?,?), ref: 00430BE2
              • InvalidateRect.USER32(?,?,?,?,?), ref: 00430BFB
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ClientRectScreen$InvalidateWindow
              • String ID:
              • API String ID: 357397906-0
              • Opcode ID: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
              • Instruction ID: ace0395ef2957b48f9d17fb026497d1a369c9e3160b5fb36bd9a4683c33ce433
              • Opcode Fuzzy Hash: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
              • Instruction Fuzzy Hash: 561174B9D00209AFCB14DF98C8849AEFBB9FF98310F10855EE855A3304D774AA41CFA0
              APIs
              • __wsplitpath.LIBCMT ref: 0043392E
                • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
              • __wsplitpath.LIBCMT ref: 00433950
              • __wcsicoll.LIBCMT ref: 00433974
              • __wcsicoll.LIBCMT ref: 0043398A
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
              • String ID:
              • API String ID: 1187119602-0
              • Opcode ID: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
              • Instruction ID: cee1712abd0eced5cc96ea34974ed2185298bb9760f8079e64959bf12be8e646
              • Opcode Fuzzy Hash: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
              • Instruction Fuzzy Hash: 650121B2C0011DAACB14DF95DC41DEEB37CAB48314F04869EA60956040EA759BD88FE4
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcslen$_malloc_wcscat_wcscpy
              • String ID:
              • API String ID: 1597257046-0
              • Opcode ID: cedf8b2ef363de5bc3276eb10c4806627e9c66f5cf78f194910281443acc885a
              • Instruction ID: 3a313011a65081929a098f39c1c59cfda42f2cbb237f2651e2b7e76e77134880
              • Opcode Fuzzy Hash: cedf8b2ef363de5bc3276eb10c4806627e9c66f5cf78f194910281443acc885a
              • Instruction Fuzzy Hash: 40016271200604BFC714EB66D885EABF3EDEFC9354B00852EFA168B651DB39E841C764
              APIs
              • GetEnvironmentStringsW.KERNEL32(00000000,00416513), ref: 0041F587
              • __malloc_crt.LIBCMT ref: 0041F5B6
              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041F5C3
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: EnvironmentStrings$Free__malloc_crt
              • String ID:
              • API String ID: 237123855-0
              • Opcode ID: 07fe547740a9b68c76983245d8bba65816afc234b1fe2171e551a8e4c438482c
              • Instruction ID: d6a98a4ee5591e13f27bf8bfb2f7094eea62761642478a01f8f101a8eeefaa10
              • Opcode Fuzzy Hash: 07fe547740a9b68c76983245d8bba65816afc234b1fe2171e551a8e4c438482c
              • Instruction Fuzzy Hash: D1F08277505220BB8A25BF35BC458DB277ADAD536531A443BF407C3206F66C8ECB82B9
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: DeleteDestroyObject$IconWindow
              • String ID:
              • API String ID: 3349847261-0
              • Opcode ID: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
              • Instruction ID: b40ecd1d224a0eee13877c21127d2214a34fa415f2bf64fab3c1d23e87691ec4
              • Opcode Fuzzy Hash: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
              • Instruction Fuzzy Hash: 60F03C74200601DBC720EF66EDD892B77ACEF49762B00452AFD01D7256D738DC49CB69
              APIs
              • EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
              • InterlockedExchange.KERNEL32(?,?), ref: 0044B603
              • LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
              • LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CriticalSection$Leave$EnterExchangeInterlocked
              • String ID:
              • API String ID: 2223660684-0
              • Opcode ID: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
              • Instruction ID: 403f3527bf09fa8cde02bf077099102ce48e3ba47acdf7e4c6f4aa39df9fcef1
              • Opcode Fuzzy Hash: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
              • Instruction Fuzzy Hash: 78F05E36241104AF96145F59FD488EBB3ACEBE96317005A3FE5418361087A6E845CBB5
              APIs
                • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
              • MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
              • LineTo.GDI32(?,?,?), ref: 00447326
              • EndPath.GDI32(?), ref: 00447336
              • StrokePath.GDI32(?), ref: 00447344
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
              • String ID:
              • API String ID: 2783949968-0
              • Opcode ID: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
              • Instruction ID: af9b10de2b5e1f20f757a647655db97b0f5a8bbb123370319d9b3a4020b10ea9
              • Opcode Fuzzy Hash: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
              • Instruction Fuzzy Hash: EBF06770105258BBE721AF54ED4EFAF3B9CAB06310F108119FE01622D1C7B86A02CBA9
              APIs
              • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
              • GetCurrentThreadId.KERNEL32 ref: 004364A3
              • AttachThreadInput.USER32(00000000), ref: 004364AA
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
              • String ID:
              • API String ID: 2710830443-0
              • Opcode ID: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
              • Instruction ID: 8dfc3faa83ebd232c18032ab1719f084f6ac8c8028b438e2b3a9de4cfe148046
              • Opcode Fuzzy Hash: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
              • Instruction Fuzzy Hash: 61F06D7168470477EB209BA09D0EFDF379CAB18B11F10C41ABB04BA0C0C6F8B50087AD
              APIs
              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
              • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
              • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
              • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
              • String ID:
              • API String ID: 146765662-0
              • Opcode ID: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
              • Instruction ID: 8fc8aea04bb3fa9100768a89291620bc24087d812574934f99790ad9b639e1d9
              • Opcode Fuzzy Hash: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
              • Instruction Fuzzy Hash: D9E0C97A510215ABC720EBA6DC48C5BB7ACEF99330311892EFD9683750DA74F840CFA4
              APIs
              • GetDesktopWindow.USER32 ref: 00472B63
              • GetDC.USER32(00000000), ref: 00472B6C
              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00472B78
              • ReleaseDC.USER32(00000000,?), ref: 00472B99
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CapsDesktopDeviceReleaseWindow
              • String ID:
              • API String ID: 2889604237-0
              • Opcode ID: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
              • Instruction ID: 759e45c534ddacfdadb557a06d932f9b55f62470d77a370046d272fbe6975a9a
              • Opcode Fuzzy Hash: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
              • Instruction Fuzzy Hash: BFF03071900205AFDB00EFB5DA4DA5DB7F4FB44315B10887EFD05D7251EAB59900DB54
              APIs
              • GetDesktopWindow.USER32 ref: 00472BB2
              • GetDC.USER32(00000000), ref: 00472BBB
              • GetDeviceCaps.GDI32(00000000,00000074), ref: 00472BC7
              • ReleaseDC.USER32(00000000,?), ref: 00472BE8
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CapsDesktopDeviceReleaseWindow
              • String ID:
              • API String ID: 2889604237-0
              • Opcode ID: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
              • Instruction ID: 439663e17c05eb9dd95bc161916493026628bcc8c78d0f5787bb5213a8e6c1b3
              • Opcode Fuzzy Hash: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
              • Instruction Fuzzy Hash: FAF03075900205AFCB00EFB5DA8856DB7F4FB84315B10887EFD05D7250DB7999019B94
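The APIs lists are the most useful triage data in this part of the report, but reading them function by function is slow, and the security-relevant combinations are easy to miss among the CRT and GDI noise. The Python script below is an added example, not part of the report and not a Joe Sandbox signature. It parses the listing format exactly as printed here (direct calls, the indented Part of subcall function entries, the ref: call-site addresses, the Similarity metadata) and applies a few analyst rules to each function's direct calls: select with accept is the accept loop behind the ErrorLastacceptselect entry; AttachThreadInput together with GetWindowThreadProcessId is the documented way to join another window's input queue, used to force focus or read that thread's keyboard state; UnloadUserProfile after WaitForSingleObject is the teardown half of running a process under another user's loaded profile; GetDeviceCaps on the desktop DC with index 0000000C (BITSPIXEL) and 00000074 (VREFRESH) reads colour depth and refresh rate, a display probe (the same pair an AutoIt runtime issues for its desktop macros, which is consistent with LodaRAT being AutoIt-compiled; that is my inference, not a finding stated on this page). The sample input is copied from the blocks above, except the final select/accept block, which is constructed because that function's call lines are not reproduced on this page. The rule labels and severities are assumptions.

```python
import re
from dataclasses import dataclass, field

# One "APIs" entry as printed in the report, e.g.
#   • AttachThreadInput.USER32(00000000), ref: 004364AA
#   • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[A-Za-z_][\w@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)
META_LINE = re.compile(r"^•\s*(?P<key>API ID|Opcode ID|Instruction Fuzzy Hash):\s*(?P<val>.*)$")

@dataclass
class ApiCall:
    name: str
    module: str
    ref: int        # call-site address printed after "ref:"
    direct: bool    # False for "Part of subcall function" entries

@dataclass
class FuncBlock:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)

    def direct_names(self) -> set:
        return {c.name for c in self.calls if c.direct}

    def entry_hint(self):
        """Lowest direct call site: a good address to jump to in the code dump."""
        refs = [c.ref for c in self.calls if c.direct]
        return min(refs) if refs else None

def parse_blocks(text: str) -> list:
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":              # every per-function summary starts here
            cur = FuncBlock()
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            cur.calls.append(ApiCall(m["name"], m["module"].upper(),
                                     int(m["ref"], 16), m["sub"] is None))
            continue
        m = META_LINE.match(line)
        if m:
            cur.meta[m["key"]] = m["val"].strip()
    return [b for b in blocks if b.calls]

# Analyst triage rules (assumed labels and severities, not Joe Sandbox signatures).
# A rule fires when every listed API is a *direct* call of the function.
RULES = [
    ("listener accept loop",            {"accept", "select"},                              "high"),
    ("cross-thread input attach",       {"AttachThreadInput", "GetWindowThreadProcessId"}, "high"),
    ("run-as-user profile teardown",    {"UnloadUserProfile", "WaitForSingleObject"},      "medium"),
    ("display capability probe",        {"GetDesktopWindow", "GetDeviceCaps"},             "low"),
    ("CRT thread exit (runtime code)",  {"ExitThread", "__freeptd"},                       "info"),
]

def triage(text: str) -> list:
    """Return (call-site, label, severity) for each rule a function satisfies."""
    hits = []
    for b in parse_blocks(text):
        names = b.direct_names()
        if not names:
            continue
        for label, needed, sev in RULES:
            if needed <= names:
                hits.append((f"{b.entry_hint():08X}", label, sev))
    return hits

# Lines copied from this report's APIs lists; the last block is constructed
# (the select/accept function's call lines are not reproduced on this page).
SAMPLE = """\
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
• GetCurrentThreadId.KERNEL32 ref: 004364A3
• AttachThreadInput.USER32(00000000), ref: 004364AA
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
• UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
• CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
  • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
APIs
• GetDesktopWindow.USER32 ref: 00472B63
• GetDC.USER32(00000000), ref: 00472B6C
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00472B78
• ReleaseDC.USER32(00000000,?), ref: 00472B99
APIs
• __getptd_noexit.LIBCMT ref: 00415150
  • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
• CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
• __freeptd.LIBCMT ref: 0041516B
• ExitThread.KERNEL32 ref: 00415173
APIs
• select.WS2_32(?,?,00000000,00000000,?), ref: 00000000
• accept.WS2_32(?,00000000,00000000), ref: 00000000
• WSAGetLastError.WS2_32 ref: 00000000
"""

if __name__ == "__main__":
    for site, label, sev in triage(SAMPLE):
        print(f"{site}  {sev:<6}  {label}")
```

Matching on direct calls only is deliberate: the subcall entries (HeapFree, GetLastError here) belong to callees that the tool lists again under their own APIs heading, so counting them twice would inflate hits. Paste the whole report text in place of SAMPLE and the output is a short list of call-site addresses, one per matched function, to inspect first in the 0x401000 code dump.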
              APIs
              • __getptd_noexit.LIBCMT ref: 00415150
                • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
                • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
                • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
                • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
                • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
              • CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
              • __freeptd.LIBCMT ref: 0041516B
              • ExitThread.KERNEL32 ref: 00415173
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit
              • String ID:
              • API String ID: 1454798553-0
              • Opcode ID: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
              • Instruction ID: f82a1693998e09e6351869d5e4a2ded823041337c12103c56f11d560ed0c89ab
              • Opcode Fuzzy Hash: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
              • Instruction Fuzzy Hash: BCD0A732805E10A7C122273D5C0DBDF26655F40735B140B09FC25872D1CBACDDC143AC
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _strncmp
              • String ID: Q\E
              • API String ID: 909875538-2189900498
              APIs
              Strings
              Similarity
              • API ID: _memmove_strncmp
              • String ID: U$\
              • API String ID: 2666721431-100911408
              APIs
                • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
              • __wcsnicmp.LIBCMT ref: 00467288
              • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 0046732E
              Strings
              Similarity
              • API ID: Connection__wcsnicmp_wcscpy_wcslen
              • String ID: LPT
              • API String ID: 3035604524-1350329615
              APIs
              Strings
              Similarity
              • API ID: _memmove
              • String ID: \$h
              • API String ID: 4104443479-677774858
              APIs
              Strings
              Similarity
              • API ID: _memcmp
              • String ID: &
              • API String ID: 2931989736-1010288
              APIs
              Strings
              Similarity
              • API ID: _memmove
              • String ID: \
              • API String ID: 4104443479-2967466578
              APIs
              • _wcslen.LIBCMT ref: 00466825
              • InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F
              Strings
              Similarity
              • API ID: CrackInternet_wcslen
              • String ID: |
              • API String ID: 596671847-2343686810
              APIs
              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
              Strings
              Similarity
              • API ID: MessageSend
              • String ID: '
              • API String ID: 3850602802-1997036262
              APIs
              • _strlen.LIBCMT ref: 0040F858
                • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
                • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
              • _sprintf.LIBCMT ref: 0040F9AE
              Strings
              Similarity
              • API ID: _memmove$_sprintf_strlen
              • String ID: %02X
              • API String ID: 1921645428-436463671
              APIs
              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045109A
              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004510A8
              Strings
              Similarity
              • API ID: MessageSend
              • String ID: Combobox
              • API String ID: 3850602802-2096851135
              APIs
              • GetWindowTextLengthW.USER32(00000000), ref: 0045134A
              • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0045135A
              Strings
              Similarity
              • API ID: LengthMessageSendTextWindow
              • String ID: edit
              • API String ID: 2978978980-2167791130
              APIs
              • Sleep.KERNEL32(00000000), ref: 00476CB0
              • GlobalMemoryStatusEx.KERNEL32 ref: 00476CC3
              Strings
              Similarity
              • API ID: GlobalMemorySleepStatus
              • String ID: @
              • API String ID: 2783356886-2766056989
              APIs
              Strings
              Similarity
              • API ID: htonsinet_addr
              • String ID: 255.255.255.255
              • API String ID: 3832099526-2422070025
              APIs
              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
              Strings
              Similarity
              • API ID: InternetOpen
              • String ID: <local>
              • API String ID: 2038078732-4266983199
              APIs
              Strings
              Similarity
              • API ID: __fread_nolock_memmove
              • String ID: EA06
              • API String ID: 1988441806-3962188686
              APIs
              Strings
              Similarity
              • API ID: _memmove
              • String ID: u,D
              • API String ID: 4104443479-3858472334
              APIs
              • _wcslen.LIBCMT ref: 00401B11
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • _memmove.LIBCMT ref: 00401B57
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
              Strings
              Similarity
              • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
              • String ID: @EXITCODE
              • API String ID: 2734553683-3436989551
              APIs
              • SendMessageW.USER32(?,00001001,00000000,?), ref: 004560FE
                • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
              • wsprintfW.USER32 ref: 0045612A
              Strings
              Similarity
              • API ID: MessageSend_mallocwsprintf
              • String ID: %d/%02d/%02d
              • API String ID: 1262938277-328681919
              • Opcode ID: 2f94ef12d061241edb9979ef4b8dfec1a2b2b476f2643c079f431c0c1a0d2850
              • Instruction ID: 953f6dd97ce98099cbba652085d0304866be84a46252058ffc4865c1a62d2123
              • Opcode Fuzzy Hash: 2f94ef12d061241edb9979ef4b8dfec1a2b2b476f2643c079f431c0c1a0d2850
              • Instruction Fuzzy Hash: 9DF0823274022866D7109BD9AD42FBEB3A8DB49762F00416BFE08E9180E6694854C3B9
              APIs
              • InternetCloseHandle.WININET(?), ref: 00442663
              • InternetCloseHandle.WININET ref: 00442668
                • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: CloseHandleInternet$ObjectSingleWait
              • String ID: aeB
              • API String ID: 857135153-906807131
              • Opcode ID: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
              • Instruction ID: 0fa74210230a71b56b5a48e3a0e63043fcf8dca502afcbd281d0c2380f7acdeb
              • Opcode Fuzzy Hash: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
              • Instruction Fuzzy Hash: 46E0E67650071467D310AF9ADC00B4BF7DC9F95724F11482FEA4497650C6B5B4408BA4
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: _wcsncpy
              • String ID: ^B$C:\Users\user\Desktop\7uJ95NO82G.exe
              • API String ID: 1735881322-1277768769
              • Opcode ID: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
              • Instruction ID: 95fca152a805ab331260cabc3645652019b64b11bc5d0d7a1f408bc65d2df1f2
              • Opcode Fuzzy Hash: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
              • Instruction Fuzzy Hash: ADE0C23360051A7B9710DE4AD841DBBF37DEEC4A20B08802AF90883200E2B1BD1A43E4
              APIs
              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE
              • PostMessageW.USER32(00000000), ref: 00441C05
                • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FindMessagePostSleepWindow
              • String ID: Shell_TrayWnd
              • API String ID: 529655941-2988720461
              • Opcode ID: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
              • Instruction ID: aba4e04af0122a293c2d26b46e7c49f9db856b5fc79b6d6ac13cebee95b63d36
              • Opcode Fuzzy Hash: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
              • Instruction Fuzzy Hash: EFD0A772BC13013BFA6077745D0FF8B66145B14711F000C3A7B42E61C1D4F8E4018758
              APIs
              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441C2A
              • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00441C3D
                • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: FindMessagePostSleepWindow
              • String ID: Shell_TrayWnd
              • API String ID: 529655941-2988720461
              • Opcode ID: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
              • Instruction ID: e91d5bd0f3095d95abf168919443ed1e5ef8457e9bc9ee6dadeb2d3358a759b2
              • Opcode Fuzzy Hash: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
              • Instruction Fuzzy Hash: 61D0A772B843017BFA6077745D0FF8B66145B14711F000C3A7B46A61C1D4F8D4018758
              APIs
              • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
                • Part of subcall function 004118DA: _doexit.LIBCMT ref: 004118E6
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2542632000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.2542606065.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542721621.0000000000482000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542753754.0000000000490000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542783969.0000000000491000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.0000000000492000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542814318.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2542874772.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_7uJ95NO82G.jbxd
              Similarity
              • API ID: Message_doexit
              • String ID: AutoIt$Error allocating memory.
              • API String ID: 1993061046-4017498283
              • Opcode ID: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
              • Instruction ID: aa36ec6b1cc278624b5c670a1a0522bf80bf1016c56dd6686bcadf549e8ac499
              • Opcode Fuzzy Hash: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
              • Instruction Fuzzy Hash: F1B092323C030627E50437910D0BF9D26003B64F02F220C067324280D204C90090131D
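The function records above are machine-generated, so the practical way to work with them is to parse them and flag the API/argument combinations worth a second look: the two functions that resolve the taskbar window `Shell_TrayWnd` with `FindWindowW` and then `PostMessageW` to it (the second one with message id `00000111`, which is `WM_COMMAND`), and the `MessageBoxW(..., "Error allocating memory.", "AutoIt", ...)` path that marks the embedded AutoIt runtime's fatal-error handler. The following Python parser is an added example, not part of the Joe Sandbox report or of Joe Sandbox itself. It consumes records in the layout shown on this page (an `APIs` block followed by `Strings`, `Memory Dump Source`, `Joe Sandbox IDA Plugin` and `Similarity`), splits the `String ID` field on `$` (the separator the report uses between several strings, as in `AutoIt$Error allocating memory.`), and applies a small rule set. The `SAMPLE` text is constructed from trimmed copies of records on this page; the rules in `flags_for` are this example's assumption, and the meaning of the specific `WM_COMMAND` wParam `0x197` is not stated in the report and is not asserted here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Section labels that delimit a Joe Sandbox function record; "APIs" opens a new record.
SECTION_LABELS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# API lines: "FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE", "_doexit.LIBCMT ref: 004118E6",
# or "Part of subcall function 004331A2: Sleep.KERNEL32(...), ref: 004331B9".
API_RE = re.compile(r"^(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]+):\s*)?"
                    r"(?P<name>[\w:]+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
KV_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")
WM_COMMAND = 0x0111  # Win32 message id; the 00000111 seen in PostMessageW(...) in the listing

# Constructed input: records trimmed from this report's listing (not the full records).
SAMPLE = r"""
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE
• PostMessageW.USER32(00000000), ref: 00441C05
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,004A8178), ref: 004331B9
Strings
Similarity
• String ID: Shell_TrayWnd
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441C2A
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00441C3D
Similarity
• String ID: Shell_TrayWnd
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
  • Part of subcall function 004118DA: _doexit.LIBCMT ref: 004118E6
Similarity
• String ID: AutoIt$Error allocating memory.
APIs
Similarity
• String ID: ^B$C:\Users\user\Desktop\7uJ95NO82G.exe
"""


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                    # call-site address in the dump
    subcall_of: Optional[str]   # set when the report marks the call as part of a subcall


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)

    @property
    def strings(self) -> List[str]:
        # The report joins several referenced strings with '$' in the String ID field.
        return [s for s in self.meta.get("String ID", "").split("$") if s]


def parse_records(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    section = None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line in SECTION_LABELS:
            if line == "APIs":           # a new function record starts here
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None:
            continue
        body = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                args = [a.strip() for a in m.group("args").split(",")] if m.group("args") is not None else []
                current.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                            m.group("ref").upper(), m.group("subfn")))
        else:
            m = KV_RE.match(body)
            if m:
                current.meta[m.group("key").strip()] = m.group("value").strip()
    return records


def flags_for(rec: FunctionRecord) -> List[str]:
    """Triage rules; they are this example's assumption, not something the report states."""
    findings: List[str] = []
    names = {a.name for a in rec.apis}
    # Key on the argument pair, not the API names alone: FindWindowW/PostMessageW are common in benign GUI code.
    if any(a.name == "FindWindowW" and a.args[:1] == ["Shell_TrayWnd"] for a in rec.apis):
        for p in (a for a in rec.apis if a.name == "PostMessageW"):
            msg = p.args[1] if len(p.args) > 1 and p.args[1] != "?" else None
            wparam = p.args[2] if len(p.args) > 2 and p.args[2] != "?" else None
            if msg is not None and wparam is not None and int(msg, 16) == WM_COMMAND:
                findings.append(f"posts WM_COMMAND (wParam 0x{int(wparam, 16):X}) to Shell_TrayWnd at {p.ref}")
            else:
                findings.append(f"posts a message to Shell_TrayWnd at {p.ref} (message id not resolved)")
    if "MessageBoxW" in names and "AutoIt" in rec.strings:
        findings.append("AutoIt runtime fatal-error path (embedded AutoIt interpreter)")
    return findings
```

`parse_records(SAMPLE)` yields one `FunctionRecord` per `APIs` block (including the one with no API calls, which only carries the sample's own path in its `String ID`), and `flags_for` reports the `Shell_TrayWnd` pair at `00441C2A`/`00441C3D` as a `WM_COMMAND` post with wParam `0x197`, while the earlier pair at `00441BFE`/`00441C05` is reported with an unresolved message id because the listing shows `PostMessageW` with only one recovered argument there. Add rules by matching on `ApiCall.args` and `FunctionRecord.strings` rather than on API names alone; the fuzzy-hash and `API String ID` fields end up in `meta` and can be used to cluster functions across reports.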